prototype for adding user modes

We really just need to allow setting auth (to get to the server)
with the kind of request that is done once you are authenticated.
Right now, the two variables are tangled. With this setting
we should be able to enable auth and still ask for single user
mode, to be tested!

Signed-off-by: vsoch <[email protected]>

app/core/config.py

@@ -88,8 +88,15 @@ class Settings(BaseSettings):
     db_file: str = "sqlite:///./flux-restful.db"
     flux_user: str = os.environ.get("FLUX_USER") or "fluxuser"
     flux_token: Optional[str] = os.environ.get("FLUX_TOKEN")
+    flux_server_mode: Optional[str] = (
+        os.environ.get("FLUX_SERVER_MODE") or "single-user"
+    )
     secret_key: str = os.environ.get("FLUX_SECRET_KEY") or generate_secret_key()
 
+    # Validate the server mode provided.
+    if flux_server_mode not in ["single-user", "multi-user"]:
+        raise ValueError("FLUX_SERVER_MODE must be single-user or multi-user")
+
     # Expires in 10 hours
     access_token_expires_minutes: int = get_int_envar(
         "FLUX_ACCESS_TOKEN_EXPIRES_MINUTES", 600

app/library/auth.py

@@ -28,6 +28,7 @@ def alert_auth():
         if settings.secret_key
         else "🍓   Secret key: unset"
     )
+    print("🍓  Server mode: %s" % settings.flux_server_mode)
     print(
         "🍓    Flux user: %s" % ("*" * len(settings.flux_user))
         if settings.flux_user

app/library/flux.py

@@ -33,8 +33,8 @@ def submit_job(handle, fluxjob, user):
     elif user and isinstance(user, str):
         print(f"User submitting job {user}")
 
-    # If we don't have auth enabled, submit in single-user mode
-    if not settings.require_auth:
+    # If we don't have auth enabled or request is for single-user mode
+    if not settings.require_auth or settings.flux_server_mode == "single-user":
         print("Submit in single-user mode.")
         return flux.job.submit_async(handle, fluxjob)
 

clients/python/CHANGELOG.md

@@ -14,6 +14,8 @@ and **Merged pull requests**. Critical items to know are:
 The versions coincide with releases on pip. Only major versions will be released as tags on Github.
 
 ## [0.0.x](https://github.com/flux-framework/flux-restful-api/tree/main) (0.0.x)
+ - Fix bug with submit and POST needing params (0.2.1)
+ - New release with updated client (0.2.0)
  - Update to use newer versions of fastapi, etc (0.1.15)
    - option_flags is a flat string list of values
  - Expose host to environment and bug fix for logs (0.1.14)

clients/python/flux_restful_client/main/client.py

@@ -112,7 +112,7 @@ def do_request(
                     method, url, json=data, params=params, headers=headers
                 )
             if method == "POST":
-                response = self.session.post(url, params=data, headers=headers)
+                response = self.session.post(url, data=data, headers=headers)
             elif method == "GET" and stream:
                 response = self.session.stream(
                     method, url, params=params, headers=headers

clients/python/flux_restful_client/version.py

@@ -1,4 +1,4 @@
-__version__ = "0.2.0"
+__version__ = "0.2.1"
 AUTHOR = "Vanessa Sochat"
 EMAIL = "[email protected]"
 NAME = "flux-restful-client"

docs/getting_started/user-guide.md

@@ -17,6 +17,19 @@ There are two modes of interaction:
  - **multi-user mode**: requires authentication via the RESTful API with an encoded payload to request expiring tokens. When authentication is successful, the
    job is run as the same user on the system on behalf of the flux user.
 
+To control the user mode, you can export it to the environment where you are running the server:
+
+```bash
+# This is the default
+export FLUX_SERVER_MODE=single-user
+
+# This will have the flux user attempt to sign the payload with sudo
+export FLUX_SERVER_MODE=multi-user
+```
+
+Note that the majority of our use cases use single-user mode, so you can expect more bugs / work to be
+done with multi-user.
+
 ### Authentication
 
 If you choose to deploy without authentication, this is a ⚠️ proceed at your own risk ⚠️ sort of deal.