canonical/dex-auth-operator

Support for multiple static users

harshitmahapatra opened this issue · 2 comments

Type of issue
Feature Request

What
Multiple Static User Support

Why
Currently the charm configuration supports only one static username and a corresponding password:

 static_config = {
            "enablePasswordDB": True,
            "staticPasswords": [
                {
                    "email": static_username,
                    "hash": hashed,
                    "username": static_username,
                    "userID": self.state.user_id,
                }
            ],
        }

Dex auth supports multiple static users (they just need to be added to the staticPasswords list).

I understand that static password is only meant as a bootstrapping measure and not recommended for production, but having the ability to have multiple users would help better demonstrate the multi-user isolation feature of kubeflow.

I had similar notes:

Today, the dex-auth charm currently only allows modification of a single user. We can see this from the charm source code. The charm keeps track of variables self.state.username and self.state.password. This implies that the charm is only designed to configure a single user, overwriting the username and password whenever the config is updated.

To handle this, the charm config would need to be updated. It wouldn't be enough to just set single values like static-username and static-password. We'd need some way to add multiple username/password combinations.

@kimwnasptd Identified this use case:

A team of students wants to use Kubeflow for an assignment.

  1. They get a machine everyone can access
  2. Install charmed kubeflow
  3. Create a user for each
  4. Everyone can work on their namespace and also share their findings, which live in the same cluster