Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Private Datasets: Checking dataset accessibility in kamu subcommands (multi-tenant workspace) #1055

Open
Tracked by #676
s373r opened this issue Feb 4, 2025 · 1 comment
Open
Tracked by #676

Private Datasets: Checking dataset accessibility in kamu subcommands (multi-tenant workspace) #1055

s373r opened this issue Feb 4, 2025 · 1 comment
Labels
enhancement New feature or request good first issue Good for newcomers rust Pull requests that update Rust code

Comments

@s373r
Copy link
Member

s373r commented Feb 4, 2025

Preamble

We have implemented dataset availability checks in API (HTTP, GQL), so, for example, we cannot access another user's private datasets.
However, if we work locally with a workspace (multi-tenant) using kamu CLI, some of the checks are missing.

The purpose of this ticket is to achieve consistency/parity with the API when accessing other users' datasets.

Points of technical interest/patterns

In general, it is possible to identify generalized patterns (P) for obtaining datasets that are currently in use:

P1) Addressing a single dataset:

let dataset_handle = self
    .dataset_registry
    .resolve_dataset_handle_by_ref(&self.dataset_ref)
    .await
    .map_err(CLIError::failure)?;

P2) Obtaining datasets by pattern:

let dataset_handles = kamu::utils::datasets_filtering::filter_datasets_by_local_pattern(
        self.dataset_registry.as_ref(),
        self.dataset_ref_patterns.clone(),
    )
    .try_collect::<Vec<odf::DatasetHandle>>()
    .await?;

P3) Retrieving all datasets, followed by checking by arbitrary conditions

let dataset_handles = self.dataset_registry
    .all_dataset_handles()
    .try_collect::<Vec<odf::DatasetHandle>>()
    .await?;

Possible approaches when implementing checks:

A1) Straightforward: we can apply DatasetActionAuthorizer to the received dataset_handle(s), which will sift through the datasets, identifying only those to which the current user has access.

Optionally, the sifting can be hidden inside the filtering utilities: kamu::utils::datasets_filtering::*.

A2) Continue the trend of extracting (generalizing) use cases that may absorb the access checks.

As a reference implementation, it is suggested to check: ViewDatasetUseCase, EditDatasetUseCase. In some cases, these use cases will be enough to use.

The choice of proportion between the two approaches (A1, A2) is determined on the spot.
@s373r s373r added enhancement New feature or request good first issue Good for newcomers rust Pull requests that update Rust code labels Feb 4, 2025
@s373r s373r mentioned this issue Feb 4, 2025
Open
22 tasks
@s373r
Copy link
Member Author

s373r commented Feb 4, 2025

It's worth considering using the tweaks from #1057 to simplify the job

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@s373r