Open
Description
/kind question
Question:
I am trying to authenticate user with Azure AD. The header sent to Kubeflow contains no Authorization token now, so the user is [email protected]. And I read through the centraldashboard-v1.6.1/app/api_workgroup.ts
/**
* Builds EnvironmentInfo for the case without identity awareness
*/
private async getBasicEnvironment(user: User.User): Promise<EnvironmentInfo> {
const [platform, namespaces] = await Promise.all([
this.getPlatformInfo(),
this.getAllWorkgroups(user.email),
]);
return {
user: user.email,
platform,
namespaces,
isClusterAdmin: true,
};
}
/**
* Retrieves all namespaces in case of basic auth.
*/
async getAllWorkgroups(fakeUser: string): Promise<SimpleBinding[]> {
const bindings = await this.profilesService.readBindings();
const namespaces = mapWorkgroupBindingToSimpleBinding(
bindings.body.bindings || []
);
const names = new Set(namespaces.map((n) => n.namespace));
return Array.from(names).map((n) => ({
namespace: n,
role: 'contributor',
user: fakeUser,
}));
}
When !req.user.hasAuth, it will get all existing profiles, this [email protected] can modify resources in other profiles. What's the purpose of this design? Or do I get something wrong?
Metadata
Metadata
Assignees
Labels
Type
Projects
Status
Needs Triage