Wallaroo MLOps API Essentials Guide: User Management

How to use the Wallaroo API for User Management

Table of Contents

Users

Get Users

Users can be retrieved either by their Keycloak user id, or return all users if an empty set {} is submitted.

  • Parameters
    • {}: Empty set, returns all users.
    • user_ids Array[Keycloak user ids]: An array of Keycloak user ids, typically in UUID format.

Example: The first example will submit an empty set {} to return all users, then submit the first user’s user id and request only that user’s details.

# Get all users

# Retrieve the token 
headers = wl.auth.auth_header()

api_request = f"{APIURL}/v1/api/users/query"
data = {
}

response = requests.post(api_request, json=data, headers=headers, verify=True).json()
response

{'users': {'028c8b48-c39b-4578-9110-0b5bdd3824da': {'access': {'manageGroupMembership': True,
    'impersonate': False,
    'view': True,
    'manage': True,
    'mapRoles': True},
   'createdTimestamp': 1684355671859,
   'disableableCredentialTypes': [],
   'email': 'john.hummel@wallaroo.ai',
   'emailVerified': False,
   'enabled': True,
   'firstName': 'John',
   'id': '028c8b48-c39b-4578-9110-0b5bdd3824da',
   'lastName': 'Hansarick',
   'notBefore': 0,
   'requiredActions': [],
   'username': 'john.hummel@wallaroo.ai'},
  'de777519-2963-423a-92d2-e6e26d687527': {'access': {'manage': True,
    'manageGroupMembership': True,
    'mapRoles': True,
    'impersonate': False,
    'view': True},
   'createdTimestamp': 1684355337295,
   'disableableCredentialTypes': [],
   'emailVerified': False,
   'enabled': True,
   'id': 'de777519-2963-423a-92d2-e6e26d687527',
   'notBefore': 0,
   'requiredActions': [],
   'username': 'admin'}}}

# Get first user Keycloak id
# Retrieve the token 
headers = wl.auth.auth_header()

# retrieved from the previous request
first_user_keycloak = list(response['users'])[0]

api_request = f"{APIURL}/v1/api/users/query"

data = {
  "user_ids": [
    first_user_keycloak
  ]
}

response = requests.post(api_request, json=data, headers=headers, verify=True).json()
response

{'users': {'028c8b48-c39b-4578-9110-0b5bdd3824da': {'access': {'mapRoles': True,
    'view': True,
    'manage': True,
    'manageGroupMembership': True,
    'impersonate': False},
   'createdTimestamp': 1684355671859,
   'disableableCredentialTypes': [],
   'email': 'john.hummel@wallaroo.ai',
   'emailVerified': False,
   'enabled': True,
   'federatedIdentities': [{'identityProvider': 'google',
     'userId': '117610299312093432527',
     'userName': 'john.hummel@wallaroo.ai'}],
   'firstName': 'John',
   'id': '028c8b48-c39b-4578-9110-0b5bdd3824da',
   'lastName': 'Hansarick',
   'notBefore': 0,
   'requiredActions': [],
   'username': 'john.hummel@wallaroo.ai'}}}

Invite Users

IMPORTANT NOTE: This command is for YOUR SUFFIX only. For more details on user management, see Wallaroo User Management.

Users are invited through /users/invite. When using YOUR SUFFIX, this will send an invitation email to the email address listed. Note that the user must not already be a member of the Wallaroo instance, and email addresses must be unique. If the email address is already in use for another user, the request will generate an error.

  • Parameters
    • email *(REQUIRED string): The email address of the new user to invite.
    • password (OPTIONAL string): The assigned password of the new user to invite. If not provided, the Wallaroo instance will provide the new user a temporary password that must be changed upon initial login.

Example: In this example, a new user will be invited to the Wallaroo instance and assigned a password.

# invite users

Retrieve the token 
headers = wl.auth.auth_header()

api_request = f"{APIURL}/v1/api/users/invite"

data = {
    "email": new_user,
    "password":new_user_password
}

response = requests.post(api_request, json=data, headers=headers, verify=True).json()
response

Deactivate User

Users can be deactivated so they can not login to their Wallaroo instance. Deactivated users do not count against the Wallaroo license count.

  • Parameters
    • email (REQUIRED string): The email address of the user to deactivate.

Example: In this example, the deactivated_user will be deactivated.

## Deactivate users

# Retrieve the token 
headers = wl.auth.auth_header()

api_request = f"{APIURL}/v1/api/users/deactivate"

data = {
    "email": new_user
}

response = requests.post(api_request, json=data, headers=headers, verify=True).json()
response

Activate User

A deactivated user can be reactivated to allow them access to their Wallaroo instance. Activated users count against the Wallaroo license count.

  • Parameters
    • email (REQUIRED string): The email address of the user to activate.

Example: In this example, the activated_user will be activated.

## Activate users

# Retrieve the token 
headers = wl.auth.auth_header()
api_request = f"{APIURL}/v1/api/users/activate"

data = {
    "email": new_user
}

response = requests.post(api_request, json=data, headers=headers, verify=True).json()
response

Troubleshooting

When a new user logs in for the first time, they get an error when uploading a model or issues when they attempt to log in. How do I correct that?

When a new registered user attempts to upload a model, they may see the following error:

TransportQueryError: 
{'extensions': 
    {'path': 
        '$.selectionSet.insert_workspace_one.args.object[0]', 'code': 'not-supported'
    }, 
    'message': 
        'cannot proceed to insert array relations since insert to table "workspace" affects zero rows'

Or if they log into the Wallaroo Dashboard, they may see a Page not found error.

This is caused when a user has been registered without an appropriate email address. See the user guides here on inviting a user, or the Wallaroo Enterprise User Management on how to log into the Keycloak service and update users. Verify that the username and email address are both the same, and they are valid confirmed email addresses for the user.