Some more user_proxy related notes #275 eu-cdse/openeo-cdse-infra#56

Open-EO · Mar 29, 2024 · 8a7c9b4 · 8a7c9b4
1 parent 1844266
commit 8a7c9b4
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/openeo_driver/backend.py b/openeo_driver/backend.py
@@ -753,6 +753,11 @@ def summarize_exception(self, error: Exception) -> Union[ErrorSummary, Exception
 
     def set_preferred_username_getter(self, getter: Callable[[User], Optional[str]]):
         # TODO #275 this "proxy_user" feature is YARN/Spark/VITO specific. Move it to oppeno-geopyspark-driver?
+        # TODO this method talks about "preferred_username" but is currently used to propagate
+        #      the YARN proxy_user (which must be unique and does align very well with a user chosen preferred username)
+        #      In other cases (eu-cdse/openeo-cdse-infra#56) we might generate the YARN proxy_user
+        #      in an even more constrained way, completely separate from any preferred username.
+        #      In short: this method's name might set wrong expectations.
         self.batch_jobs.set_proxy_user_getter(getter)
 
     def user_access_validation(self, user: User, request: flask.Request) -> User:

diff --git a/openeo_driver/config/config.py b/openeo_driver/config/config.py
@@ -55,7 +55,7 @@ class OpenEoBackendConfig:
 
     # Mapping of `(oidc_provider id, token_sub) to extra user info dictionary, with:
     # - `token_sub`: OIDC token "sub" field, identifying a user (or client in case of client credentials grant).
-    # Example use case: specifying the YARN proxy user to use for batch jobs of service accounts.
+    # Example use case: specifying the YARN proxy user to run batch jobs with for service accounts (client credentials).
     oidc_user_map: Dict[Tuple[str, str], dict] = attrs.Factory(dict)
 
     # General Flask related settings