list connections as NON-Admin

MRvLuijpen
MRvLuijpen Partner, L2 Admin, L2 Designer, Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron 2020, Neuron, Dataiku DSS Adv Designer, Registered, Dataiku DSS Developer, Neuron 2021, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Frontrunner 2022 Participant, Neuron 2023 Posts: 107 Neuron
edited July 16 in Using Dataiku

Hello Community,

I was wondering if it is possible to get a list of all available connection, if I am not a dataiku Admin.

It seems that the function is restricted to Admin only.

import dataiku
client = dataiku.api_client()
print(client.list_connections())

results in

DataikuException: com.dataiku.dip.exceptions.UnauthorizedException: Action forbidden, you are not admin

I'm not interested in all possible connections, only the ones that are available to me as user.

Thanks in advance.

Marc Robert

Answers

  • PierreB
    PierreB Dataiker Posts: 6 Dataiker

    Hello,

    This endpoint retrieves all connections with their metadata. These informations should only be available to administrator.

    As a result, we cannot let user use it to retrieve the connection list.

    Could you share your current goal, to see if we can find a workaround?

    Thank you,
    Pierre B.

  • MRvLuijpen
    MRvLuijpen Partner, L2 Admin, L2 Designer, Dataiku DSS Core Designer, Dataiku DSS & SQL, Dataiku DSS ML Practitioner, Dataiku DSS Core Concepts, Neuron 2020, Neuron, Dataiku DSS Adv Designer, Registered, Dataiku DSS Developer, Neuron 2021, Neuron 2022, Frontrunner 2022 Finalist, Frontrunner 2022 Winner, Frontrunner 2022 Participant, Neuron 2023 Posts: 107 Neuron

    Hello Pierre,

    We have an advanced user, who is developing a plugin which does some automatic user-defined quality checks on a connection. This plugin should enable any of the users to select one of the available connections and have the quality checks performed. Since we have many connections (> 150), multiple teams (>40) and 3 different DSS instances, the user should only see/select their own connections in the plugin.

    The fields of interest are :

    • the actual servername,
    • the actual database name,
    • the DSS connection name

    We have tried to keep the DSS Connection name to be the combination of the actual Servername together with the actual database name.

    Hope this helps.

    Thanks in advance,

    Marc Robert

  • PierreB
    PierreB Dataiker Posts: 6 Dataiker

    Hello,

    Currently, only the administrators could retrieve privileges associated to a connection. As a side effect, you cannot list connection if you are a user.

    Due to this constraint, your use case will be really hard to achieve.

    We will consider improving this behavior.

    Regards,

    Pierre Bailly-Ferry

  • tim-wright
    tim-wright Partner, L2 Designer, Snowflake Advanced, Neuron 2020, Registered, Neuron 2021, Neuron 2022 Posts: 77 Partner
    edited July 17

    @MRvLuijpen
    and @PierreB
    is there anyway to build the logic into the plugin itself? Specifically I see that the code here: https://doc.dataiku.com/dss/latest/plugins/reference/params.html#dynamic-select-using-python states you can dynamically generate the selections.

    I was fooling around with this because it seemed like an interesting puzzle. I think you can be able to combine some usage of the public and internal dataiku APIs to help. The biggest problem (and most probably a dealbreaker- is that I am not sure how to hide the Admin API key -- having it embedded in plain text is gross I know.) If there is a way to externalize and reference the DSS host and API key (such that it is secure from unwanted eyes) This might work for you.

    import dataiku
    import dataikuapi
    import json
    
    ## NEED TO FIND A WAY (IF POSSIBLE) TO EXTERNALIZE THESE SOME PLACE SAFE ##
    host= 'http://127.0.0.1:10000'  # This DSS Host 
    key=  "821323j7XyGx5T1nawyxY6gV1RSowc3"   #This is an ADMIN API Key
    
    # Helper functions--- get the groups the user running the plugin belongs to
    def get_users_groups():
        client= dataiku.api_client() # Will assume authorization from the DSS context (e.g. user running the plugin)
        user_settings = client.get_own_user().get_settings().settings
        return user_settings['groups']
    
    # Helper functions--- use admin api key and public API to get all connection details:
    def get_conns_and_groups(host, api_key):
        pub_client = dataikuapi.DSSClient(host, api_key)
        connections = pub_client.list_connections()
        return {conn: v['allowedGroups'] for conn, v in connections.iteritems()}
    
    
    # Return a list of the dictionary choices that should populate the SELECT box
    def get_appropriate_conns(host, api_key):
        all_conns = get_conns_and_groups(host, api_key) # All connections
        user_groups = get_users_groups() # User Groups
        available_connections = [] # Initialize list to store User's groups
        
        # Iterate over the "allowed groups" in check the groups allowed to use. If they align with any of the groups this user belongs to. Add it to their selections
        for conn, conn_groups in all_conns.iteritems():
            if not conn_groups: # If allowable groups is empty Anyone can use the connection (I THINK??)
                available_connections.append({'value': conn, "label": conn})
            else:
                for group in user_groups:
                    if group in conn_groups:
                        available_connections.append({'value': conn, "label": conn})
                        break
        return available_connections
    
    # Calculate the dictionary and return values to the SELECT
    def do(payload, config, plugin_config, inputs):
        choices = get_appropriate_conns(host, key)
        return {"choices": choices}

    Last note: Not 100% sure the logic to combine the connection details with the user's groups is 100% accurate.

Setup Info
    Tags
      Help me…