-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat!: rename impersonation options to use run-as nomenclature #92
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ddneilson
force-pushed
the
ddneilson/17257
branch
from
November 10, 2023 20:31
f932029
to
e6b94a8
Compare
Summary: The Worker Agent refers to the feature of running a job/session as a user separate from the os-user that under which the agent is running as the impersonation feature. This 'impersonation' nomenclature, though accurate as to the mechanics that are implemented, is not consistent with the naming used in the service. We wish to make the nomenclature consistent between the agent & service to reduce the probability of confusion. Solution: We change: 1. Configuration file's "[os] impersonation" option to "[os] jobs_run_as_agent_user". Impersonation had a default of true whereas the new option has a default of true; this is equivalent functionality. a. (BREAKING CHANGE) Providing the "impersonation" option in a configuration file is now an error. 2. (BREAKIN CHANGE) The environment variable to set whether "impersonation" is used was renamed from DEADLINE_WORKER_IMPERSONATION to DEADLINE_WORKER_JOBS_RUN_AS_AGENT_USER, and its value is inverted. "true" now means that we runs jobs as the agent user whereas it meant to run jobs as the Queue's jobsRunAsUser before. 3. The --jobs-run-as-agent-user CLI option was added, and the --no-impersonation option has been deprecated to be removed in a future release. The two options are mutually exclusive. Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com>
ddneilson
force-pushed
the
ddneilson/17257
branch
from
November 10, 2023 20:37
e6b94a8
to
8ae1752
Compare
gmchale79
approved these changes
Nov 10, 2023
jusiskin
approved these changes
Nov 10, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great job navigating this change and providing a helpful migration path. Just a few nits but I'll approve regardless.
ddneilson
commented
Nov 10, 2023
Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> Co-authored-by: Josh Usiskin <56369778+jusiskin@users.noreply.github.com>
jusiskin
approved these changes
Nov 10, 2023
gahyusuh
pushed a commit
that referenced
this pull request
Nov 17, 2023
* feat!: rename impersonation options to use run-as nomenclature Summary: The Worker Agent refers to the feature of running a job/session as a user separate from the os-user that under which the agent is running as the impersonation feature. This 'impersonation' nomenclature, though accurate as to the mechanics that are implemented, is not consistent with the naming used in the service. We wish to make the nomenclature consistent between the agent & service to reduce the probability of confusion. Solution: We change: 1. Configuration file's "[os] impersonation" option to "[os] jobs_run_as_agent_user". Impersonation had a default of true whereas the new option has a default of true; this is equivalent functionality. a. (BREAKING CHANGE) Providing the "impersonation" option in a configuration file is now an error. 2. (BREAKIN CHANGE) The environment variable to set whether "impersonation" is used was renamed from DEADLINE_WORKER_IMPERSONATION to DEADLINE_WORKER_JOBS_RUN_AS_AGENT_USER, and its value is inverted. "true" now means that we runs jobs as the agent user whereas it meant to run jobs as the Queue's jobsRunAsUser before. 3. The --jobs-run-as-agent-user CLI option was added, and the --no-impersonation option has been deprecated to be removed in a future release. The two options are mutually exclusive. Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> Co-authored-by: Josh Usiskin <56369778+jusiskin@users.noreply.github.com> --------- Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> Co-authored-by: Josh Usiskin <56369778+jusiskin@users.noreply.github.com>
gmchale79
pushed a commit
that referenced
this pull request
Feb 12, 2024
* feat!: rename impersonation options to use run-as nomenclature Summary: The Worker Agent refers to the feature of running a job/session as a user separate from the os-user that under which the agent is running as the impersonation feature. This 'impersonation' nomenclature, though accurate as to the mechanics that are implemented, is not consistent with the naming used in the service. We wish to make the nomenclature consistent between the agent & service to reduce the probability of confusion. Solution: We change: 1. Configuration file's "[os] impersonation" option to "[os] jobs_run_as_agent_user". Impersonation had a default of true whereas the new option has a default of true; this is equivalent functionality. a. (BREAKING CHANGE) Providing the "impersonation" option in a configuration file is now an error. 2. (BREAKIN CHANGE) The environment variable to set whether "impersonation" is used was renamed from DEADLINE_WORKER_IMPERSONATION to DEADLINE_WORKER_JOBS_RUN_AS_AGENT_USER, and its value is inverted. "true" now means that we runs jobs as the agent user whereas it meant to run jobs as the Queue's jobsRunAsUser before. 3. The --jobs-run-as-agent-user CLI option was added, and the --no-impersonation option has been deprecated to be removed in a future release. The two options are mutually exclusive. Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> Co-authored-by: Josh Usiskin <56369778+jusiskin@users.noreply.github.com> --------- Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> Co-authored-by: Josh Usiskin <56369778+jusiskin@users.noreply.github.com>
Closed
gmchale79
pushed a commit
that referenced
this pull request
Mar 11, 2024
* feat!: rename impersonation options to use run-as nomenclature Summary: The Worker Agent refers to the feature of running a job/session as a user separate from the os-user that under which the agent is running as the impersonation feature. This 'impersonation' nomenclature, though accurate as to the mechanics that are implemented, is not consistent with the naming used in the service. We wish to make the nomenclature consistent between the agent & service to reduce the probability of confusion. Solution: We change: 1. Configuration file's "[os] impersonation" option to "[os] jobs_run_as_agent_user". Impersonation had a default of true whereas the new option has a default of true; this is equivalent functionality. a. (BREAKING CHANGE) Providing the "impersonation" option in a configuration file is now an error. 2. (BREAKIN CHANGE) The environment variable to set whether "impersonation" is used was renamed from DEADLINE_WORKER_IMPERSONATION to DEADLINE_WORKER_JOBS_RUN_AS_AGENT_USER, and its value is inverted. "true" now means that we runs jobs as the agent user whereas it meant to run jobs as the Queue's jobsRunAsUser before. 3. The --jobs-run-as-agent-user CLI option was added, and the --no-impersonation option has been deprecated to be removed in a future release. The two options are mutually exclusive. Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> Co-authored-by: Josh Usiskin <56369778+jusiskin@users.noreply.github.com> --------- Signed-off-by: Daniel Neilson <53624638+ddneilson@users.noreply.github.com> Co-authored-by: Josh Usiskin <56369778+jusiskin@users.noreply.github.com> Signed-off-by: Graeme McHale <gmchale@amazon.com>
jusiskin
pushed a commit
to jusiskin/deadline-cloud-worker-agent
that referenced
this pull request
Sep 4, 2024
Signed-off-by: client-software-ci <129794699+client-software-ci@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What was the problem/requirement? (What/Why)
The Worker Agent refers to the feature of running a job/session as a
user separate from the os-user that under which the agent is running as the impersonation feature. This 'impersonation' nomenclature, though accurate as to the mechanics that are implemented, is not consistent with the naming used in the service. We wish to make the nomenclature consistent between the agent & service to reduce the probability of confusion.
What was the solution? (How)
We change:
a. (BREAKING CHANGE) Providing the "impersonation" option in a configuration file is now an error.
What is the impact of this change?
Clearer association between agent options and the service options.
How was this change tested?
I updated unit tests, and added a new one for new functionality. I also ran the agent in our docker testing container to check that jobs run correctly, and to verify the CLI exclusivity logic:
Was this change documented?
The CLI & configuration files are self-documenting.
Is this a breaking change?
Yes.