Merge pull request #538 from onepanelio/feat/update.migrations

feat: updated migrations for cvat, tf od training, maskrcnn

api/auth.proto

@@ -15,7 +15,7 @@ service AuthService {
 
     rpc IsAuthorized(IsAuthorizedRequest) returns (IsAuthorizedResponse) {
         option (google.api.http) = {
-            post: "/apis/v1beta1/auth",
+            post: "/apis/v1beta1/auth"
             body: "isAuthorized"
         };
     }

db/go/20200812104328_update_maskrcnn_and_tf_od.go

@@ -411,7 +411,7 @@ volumeClaimTemplates:
       requests:
         storage: 200Gi`
 
-const tensorflowObjectDetectionWorkflowTemplateName = "TensorFlow Object Detection Training"
+const tensorflowObjectDetectionWorkflowTemplateName = "TF Object Detection Training"
 
 func initialize20200812104328() {
 	if _, ok := initializedMigrations[20200812104328]; !ok {
@@ -475,7 +475,7 @@ func Up20200812104328(tx *sql.Tx) error {
 		}
 	}
 
-	// Update tf-od
+	// Create tf-od
 	workflowTemplate = &v1.WorkflowTemplate{
 		Name:     tensorflowObjectDetectionWorkflowTemplateName,
 		Manifest: tensorflowObjectDetectionWorkflowTemplate,
@@ -488,7 +488,7 @@ func Up20200812104328(tx *sql.Tx) error {
 	}
 
 	for _, namespace := range namespaces {
-		if _, err := client.CreateWorkflowTemplateVersion(namespace.Name, workflowTemplate); err != nil {
+		if _, err := client.CreateWorkflowTemplate(namespace.Name, workflowTemplate); err != nil {
 			return err
 		}
 	}

db/go/20200824095513_update_mask_rcnn.go

@@ -0,0 +1,247 @@
+package migration
+
+import (
+	"database/sql"
+	v1 "github.com/onepanelio/core/pkg"
+	"github.com/pressly/goose"
+)
+
+const maskRCNNTemplate2 = `arguments:
+  parameters:
+  - name: source
+    value: https://github.com/onepanelio/Mask_RCNN.git
+    displayName: Model source code
+    type: hidden
+    visibility: private
+
+  - name: cvat-annotation-path
+    value: annotation-dump/sample_dataset
+    hint: Path to annotated data in default object storage (i.e S3). In CVAT, this parameter will be pre-populated.
+    displayName: Dataset path
+    visibility: private
+    
+  - name: cvat-output-path
+    value: workflow-data/output/sample_output
+    hint: Path to store output artifacts in default object storage (i.e s3). In CVAT, this parameter will be pre-populated.
+    displayName: Workflow output path
+    visibility: private
+
+  - name: cvat-finetune-checkpoint
+    value: ''
+    hint: Select the last fine-tune checkpoint for this model. It may take up to 5 minutes for a recent checkpoint show here. Leave empty if this is the first time you're training this model.
+    displayName: Checkpoint path
+    visibility: public
+  
+  - name: cvat-num-classes
+    displayName: Number of classes
+    hint: Number of classes (i.e in CVAT taks) + 1 for background
+    value: 81
+    visibility: private
+    
+  - name: hyperparameters
+    displayName: Hyperparameters
+    visibility: public
+    type: textarea.textarea
+    value: |-
+      stage-1-epochs=1    #  Epochs for network heads
+      stage-2-epochs=2    #  Epochs for finetune layers
+      stage-3-epochs=3    #  Epochs for all layers
+    hint: "Please refer to our <a href='https://docs.onepanel.ai/docs/getting-started/use-cases/computervision/annotation/cvat/cvat_annotation_model#arguments-optional' target='_blank'>documentation</a> for more information on parameters. Number of classes will be automatically populated if you had 'sys-num-classes' parameter in a workflow."
+    
+  - name: dump-format
+    value: cvat_coco
+    displayName: CVAT dump format
+    visibility: public
+      
+  - name: tf-image
+    visibility: public
+    value: tensorflow/tensorflow:1.13.1-py3
+    type: select.select
+    displayName: Select TensorFlow image
+    hint: Select the GPU image if you are running on a GPU node pool
+    options:
+    - name: 'TensorFlow 1.13.1 CPU Image'
+      value: 'tensorflow/tensorflow:1.13.1-py3'
+    - name: 'TensorFlow 1.13.1 GPU Image'
+      value: 'tensorflow/tensorflow:1.13.1-gpu-py3'
+  
+  - displayName: Node pool
+    hint: Name of node pool or group to run this workflow task
+    type: select.select
+    visibility: public
+    name: sys-node-pool
+    value: Standard_D4s_v3
+    required: true
+    options:
+    - name: 'CPU: 2, RAM: 8GB'
+      value: Standard_D2s_v3
+    - name: 'CPU: 4, RAM: 16GB'
+      value: Standard_D4s_v3
+    - name: 'GPU: 1xK80, CPU: 6, RAM: 56GB'
+      value: Standard_NC6
+
+entrypoint: main
+templates:
+- dag:
+    tasks:
+    - name: train-model
+      template: tensorflow
+# Uncomment the lines below if you want to send Slack notifications
+#    - arguments:
+#        artifacts:
+#        - from: '{{tasks.train-model.outputs.artifacts.sys-metrics}}'
+#          name: metrics
+#        parameters:
+#        - name: status
+#          value: '{{tasks.train-model.status}}'
+#      dependencies:
+#      - train-model
+#      name: notify-in-slack
+#      template: slack-notify-success
+  name: main
+- container:
+    args:
+    - |
+      apt-get update \
+      && apt-get install -y git wget libglib2.0-0 libsm6 libxext6 libxrender-dev \
+      && pip install -r requirements.txt \
+      && pip install boto3 pyyaml google-cloud-storage \
+      && git clone https://github.com/waleedka/coco \
+      && cd coco/PythonAPI \
+      && python setup.py build_ext install \
+      && rm -rf build \
+      && cd ../../ \
+      && wget https://github.com/matterport/Mask_RCNN/releases/download/v2.0/mask_rcnn_coco.h5 \
+      && python setup.py install && ls \
+      && python samples/coco/cvat.py train --dataset=/mnt/data/datasets \
+        --model=workflow_maskrcnn \
+        --extras="{{workflow.parameters.hyperparameters}}"  \
+        --ref_model_path="{{workflow.parameters.cvat-finetune-checkpoint}}"  \
+        --num_classes="{{workflow.parameters.cvat-num-classes}}" \
+      && cd /mnt/src/ \
+      && python prepare_dataset.py /mnt/data/datasets/annotations/instances_default.json
+    command:
+    - sh
+    - -c
+    image: '{{workflow.parameters.tf-image}}'
+    volumeMounts:
+    - mountPath: /mnt/data
+      name: data
+    - mountPath: /mnt/output
+      name: output
+    workingDir: /mnt/src
+  nodeSelector:
+    beta.kubernetes.io/instance-type: '{{workflow.parameters.sys-node-pool}}'
+  inputs:
+    artifacts:
+    - name: data
+      path: /mnt/data/datasets/
+      s3:
+        key: '{{workflow.namespace}}/{{workflow.parameters.cvat-annotation-path}}'
+    - git:
+        repo: '{{workflow.parameters.source}}'
+        revision: "no-boto"
+      name: src
+      path: /mnt/src
+  name: tensorflow
+  outputs:
+    artifacts:
+    - name: model
+      optional: true
+      path: /mnt/output
+      s3:
+        key: '{{workflow.namespace}}/{{workflow.parameters.cvat-output-path}}/{{workflow.name}}'
+# Uncomment the lines below if you want to send Slack notifications
+#- container:
+#    args:
+#    - SLACK_USERNAME=Onepanel SLACK_TITLE="{{workflow.name}} {{inputs.parameters.status}}"
+#      SLACK_ICON=https://www.gravatar.com/avatar/5c4478592fe00878f62f0027be59c1bd
+#      SLACK_MESSAGE=$(cat /tmp/metrics.json)} ./slack-notify
+#    command:
+#    - sh
+#    - -c
+#    image: technosophos/slack-notify
+#  inputs:
+#    artifacts:
+#    - name: metrics
+#      optional: true
+#      path: /tmp/metrics.json
+#    parameters:
+#    - name: status
+#  name: slack-notify-success
+volumeClaimTemplates:
+- metadata:
+    creationTimestamp: null
+    name: data
+  spec:
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: 200Gi
+- metadata:
+    creationTimestamp: null
+    name: output
+  spec:
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: 200Gi`
+
+func initialize20200824095513() {
+	if _, ok := initializedMigrations[20200824095513]; !ok {
+		goose.AddMigration(Up20200824095513, Down20200824095513)
+		initializedMigrations[20200824095513] = true
+	}
+}
+
+// Up20200824095513 updates the maskrcnn workflow template
+func Up20200824095513(tx *sql.Tx) error {
+	// This code is executed when the migration is applied.
+	client, err := getClient()
+	if err != nil {
+		return err
+	}
+	defer client.DB.Close()
+
+	migrationsRan, err := getRanSQLMigrations(client)
+	if err != nil {
+		return err
+	}
+
+	if _, ok := migrationsRan[20200824095513]; ok {
+		return nil
+	}
+
+	namespaces, err := client.ListOnepanelEnabledNamespaces()
+	if err != nil {
+		return err
+	}
+
+	// Update maskrcnn
+	workflowTemplate := &v1.WorkflowTemplate{
+		Name:     maskRCNNWorkflowTemplateName,
+		Manifest: maskRCNNTemplate2,
+		Labels: map[string]string{
+			"used-by": "cvat",
+		},
+	}
+	if err := workflowTemplate.GenerateUID(workflowTemplate.Name); err != nil {
+		return err
+	}
+
+	for _, namespace := range namespaces {
+		if _, err := client.CreateWorkflowTemplateVersion(namespace.Name, workflowTemplate); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Down20200824095513 does nothing
+func Down20200824095513(tx *sql.Tx) error {
+	// This code is executed when the migration is rolled back.
+	return nil
+}

db/go/20200824101019_update_tf_object_detection_training.go

@@ -0,0 +1,277 @@
+package migration
+
+import (
+	"database/sql"
+	v1 "github.com/onepanelio/core/pkg"
+	"github.com/pressly/goose"
+)
+
+const tensorflowObjectDetectionTraining2 = `arguments:
+  parameters:
+  - name: source
+    value: https://github.com/tensorflow/models.git
+    displayName: Model source code
+    type: hidden
+    visibility: private
+
+  - name: trainingsource
+    value: https://github.com/onepanelio/cvat-training.git
+    type: hidden
+    visibility: private
+
+  - name: revision
+    value: v1.13.0
+    type: hidden 
+    visibility: private
+
+  - name: cvat-annotation-path
+    value: annotation-dump/sample_dataset
+    displayName: Dataset path
+    hint: Path to annotated data in default object storage (i.e S3). In CVAT, this parameter will be pre-populated.
+    visibility: private
+
+  - name: cvat-output-path
+    value: workflow-data/output/sample_output
+    hint: Path to store output artifacts in default object storage (i.e s3). In CVAT, this parameter will be pre-populated.
+    displayName: Workflow output path
+    visibility: private
+
+  - name: cvat-model
+    value: frcnn-res50-coco
+    displayName: Model
+    hint: TF Detection API's model to use for training.
+    type: select.select
+    visibility: public
+    options:
+    - name: 'Faster RCNN-ResNet 101-COCO'
+      value: frcnn-res101-coco
+    - name: 'Faster RCNN-ResNet 101-Low Proposal-COCO'
+      value: frcnn-res101-low
+    - name: 'Faster RCNN-ResNet 50-COCO'
+      value: frcnn-res50-coco
+    - name: 'Faster RCNN-NAS-COCO'
+      value: frcnn-nas-coco
+    - name: 'SSD MobileNet V1-COCO'
+      value: ssd-mobilenet-v1-coco2
+    - name: 'SSD MobileNet V2-COCO'
+      value: ssd-mobilenet-v2-coco
+    - name: 'SSDLite MobileNet-COCO'
+      value: ssdlite-mobilenet-coco
+  
+  - name: hyperparameters
+    value: |-
+      num-steps=10000
+    displayName: Hyperparameters
+    visibility: public
+    type: textarea.textarea
+    hint: "Please refer to our <a href='https://docs.onepanel.ai/docs/getting-started/use-cases/computervision/annotation/cvat/cvat_annotation_model#arguments-optional' target='_blank'>documentation</a> for more information on parameters. Number of classes will be automatically populated if you had 'sys-num-classes' parameter in a workflow."
+  
+  - name: cvat-finetune-checkpoint
+    value: ''
+    hint: Select the last fine-tune checkpoint for this model. It may take up to 5 minutes for a recent checkpoint show here. Leave empty if this is the first time you're training this model.
+    displayName: Checkpoint path
+    visibility: public
+    
+  - name: cvat-num-classes
+    value: 81
+    hint: Number of classes
+    displayName: Number of classes
+    visibility: private
+
+  - name: tf-image
+    value: tensorflow/tensorflow:1.13.1-py3
+    type: select.select
+    displayName: Select TensorFlow image
+    visibility: public
+    hint: Select the GPU image if you are running on a GPU node pool
+    options:
+    - name: 'TensorFlow 1.13.1 CPU Image'
+      value: 'tensorflow/tensorflow:1.13.1-py3'
+    - name: 'TensorFlow 1.13.1 GPU Image'
+      value: 'tensorflow/tensorflow:1.13.1-gpu-py3'
+
+  - displayName: Node pool
+    hint: Name of node pool or group to run this workflow task
+    type: select.select
+    name: sys-node-pool
+    value: Standard_D4s_v3
+    visibility: public
+    required: true
+    options:
+    - name: 'CPU: 2, RAM: 8GB'
+      value: Standard_D2s_v3
+    - name: 'CPU: 4, RAM: 16GB'
+      value: Standard_D4s_v3
+    - name: 'GPU: 1xK80, CPU: 6, RAM: 56GB'
+      value: Standard_NC6
+  - name: dump-format
+    value: cvat_tfrecord
+    visibility: public
+entrypoint: main
+templates:
+- dag:
+    tasks:
+    - name: train-model
+      template: tensorflow
+# Uncomment the lines below if you want to send Slack notifications
+#    - arguments:
+#        artifacts:
+#        - from: '{{tasks.train-model.outputs.artifacts.sys-metrics}}'
+#          name: metrics
+#        parameters:
+#        - name: status
+#          value: '{{tasks.train-model.status}}'
+#      dependencies:
+#      - train-model
+#      name: notify-in-slack
+#      template: slack-notify-success
+  name: main
+- container:
+    args:
+    - |
+      apt-get update && \
+      apt-get install -y python3-pip git wget unzip libglib2.0-0 libsm6 libxext6 libxrender-dev && \
+      pip install pillow lxml Cython contextlib2 jupyter matplotlib numpy scipy boto3 pycocotools pyyaml google-cloud-storage && \
+      cd /mnt/src/tf/research && \
+      export PYTHONPATH=$PYTHONPATH:` + "`pwd`:`pwd`" + `/slim && \
+      cd /mnt/src/train && \
+      python convert_workflow.py \
+        --extras="{{workflow.parameters.hyperparameters}}" \
+        --model="{{workflow.parameters.cvat-model}}" \
+        --num_classes="{{workflow.parameters.cvat-num-classes}}" \
+        --sys_finetune_checkpoint={{workflow.parameters.cvat-finetune-checkpoint}}
+    command:
+    - sh
+    - -c
+    image: '{{workflow.parameters.tf-image}}'
+    volumeMounts:
+    - mountPath: /mnt/data
+      name: data
+    - mountPath: /mnt/output
+      name: output
+    workingDir: /mnt/src
+  nodeSelector:
+    beta.kubernetes.io/instance-type: '{{workflow.parameters.sys-node-pool}}'
+  inputs:
+    artifacts:
+    - name: data
+      path: /mnt/data/datasets/
+      s3:
+        key: '{{workflow.namespace}}/{{workflow.parameters.cvat-annotation-path}}'
+    - name: models
+      path: /mnt/data/models/
+      optional: true
+      s3:
+        key: '{{workflow.namespace}}/{{workflow.parameters.cvat-finetune-checkpoint}}'
+    - git:
+        repo: '{{workflow.parameters.source}}'
+        revision: '{{workflow.parameters.revision}}'
+      name: src
+      path: /mnt/src/tf
+    - git:
+        repo: '{{workflow.parameters.trainingsource}}'
+        revision: 'optional-artifacts'
+      name: tsrc
+      path: /mnt/src/train
+  name: tensorflow
+  outputs:
+    artifacts:
+    - name: model
+      optional: true
+      path: /mnt/output
+      s3:
+        key: '{{workflow.namespace}}/{{workflow.parameters.cvat-output-path}}/{{workflow.name}}'
+# Uncomment the lines below if you want to send Slack notifications
+#- container:
+#    args:
+#    - SLACK_USERNAME=Onepanel SLACK_TITLE="{{workflow.name}} {{inputs.parameters.status}}"
+#      SLACK_ICON=https://www.gravatar.com/avatar/5c4478592fe00878f62f0027be59c1bd
+#      SLACK_MESSAGE=$(cat /tmp/metrics.json)} ./slack-notify
+#    command:
+#    - sh
+#    - -c
+#    image: technosophos/slack-notify
+#  inputs:
+#    artifacts:
+#    - name: metrics
+#      optional: true
+#      path: /tmp/metrics.json
+#    parameters:
+#    - name: status
+#  name: slack-notify-success
+volumeClaimTemplates:
+- metadata:
+    creationTimestamp: null
+    name: data
+  spec:
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: 200Gi
+- metadata:
+    creationTimestamp: null
+    name: output
+  spec:
+    accessModes:
+    - ReadWriteOnce
+    resources:
+      requests:
+        storage: 200Gi`
+
+func initialize20200824101019() {
+	if _, ok := initializedMigrations[20200824101019]; !ok {
+		goose.AddMigration(Up20200824101019, Down20200824101019)
+		initializedMigrations[20200824101019] = true
+	}
+}
+
+// Up20200824101019 updates the tf object detection training workflow template
+func Up20200824101019(tx *sql.Tx) error {
+	// This code is executed when the migration is applied.
+	client, err := getClient()
+	if err != nil {
+		return err
+	}
+	defer client.DB.Close()
+
+	migrationsRan, err := getRanSQLMigrations(client)
+	if err != nil {
+		return err
+	}
+
+	if _, ok := migrationsRan[20200824101019]; ok {
+		return nil
+	}
+
+	namespaces, err := client.ListOnepanelEnabledNamespaces()
+	if err != nil {
+		return err
+	}
+
+	// Update tfObjectDetectionTraining
+	workflowTemplate := &v1.WorkflowTemplate{
+		Name:     tensorflowObjectDetectionWorkflowTemplateName,
+		Manifest: tensorflowObjectDetectionTraining2,
+		Labels: map[string]string{
+			"used-by": "cvat",
+		},
+	}
+	if err := workflowTemplate.GenerateUID(workflowTemplate.Name); err != nil {
+		return err
+	}
+
+	for _, namespace := range namespaces {
+		if _, err := client.CreateWorkflowTemplateVersion(namespace.Name, workflowTemplate); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Down20200824101019 does nothing
+func Down20200824101019(tx *sql.Tx) error {
+	// This code is executed when the migration is rolled back.
+	return nil
+}

db/go/20200824101905_update_cvat_template.go

@@ -0,0 +1,213 @@
+package migration
+
+import (
+	"database/sql"
+	v1 "github.com/onepanelio/core/pkg"
+	uid2 "github.com/onepanelio/core/pkg/util/uid"
+	"github.com/pressly/goose"
+	"strings"
+)
+
+const cvatWorkspaceTemplate6 = `# Workspace arguments
+arguments:
+  parameters:
+  - name: sync-directory
+    displayName: Directory to sync raw input and training output
+    value: workflow-data
+    hint: Location to sync raw input, models and checkpoints from default object storage. Note that this will be relative to the current namespace.
+containers:
+- name: cvat-db
+  image: postgres:10-alpine
+  env:
+  - name: POSTGRES_USER
+    value: root
+  - name: POSTGRES_DB
+    value: cvat
+  - name: POSTGRES_HOST_AUTH_METHOD
+    value: trust
+  - name: PGDATA
+    value: /var/lib/psql/data
+  ports:
+  - containerPort: 5432
+    name: tcp
+  volumeMounts:
+  - name: db
+    mountPath: /var/lib/psql
+- name: cvat-redis
+  image: redis:4.0-alpine
+  ports:
+  - containerPort: 6379
+    name: tcp
+- name: cvat
+  image: onepanel/cvat:0.12.0-rc.6_cvat.1.0.0
+  env:
+  - name: DJANGO_MODWSGI_EXTRA_ARGS
+    value: ""
+  - name: ALLOWED_HOSTS
+    value: '*'
+  - name: CVAT_REDIS_HOST
+    value: localhost
+  - name: CVAT_POSTGRES_HOST
+    value: localhost
+  - name: CVAT_SHARE_URL
+    value: /home/django/data
+  - name: ONEPANEL_SYNC_DIRECTORY
+    value: '{{workspace.parameters.sync-directory}}'
+  - name: NVIDIA_VISIBLE_DEVICES
+    value: all
+  - name: NVIDIA_DRIVER_CAPABILITIES
+    value: compute,utility
+  - name: NVIDIA_REQUIRE_CUDA
+    value: "cuda>=10.0 brand=tesla,driver>=384,driver<385 brand=tesla,driver>=410,driver<411"
+  ports:
+  - containerPort: 8080
+    name: http
+  volumeMounts:
+  - name: data
+    mountPath: /home/django/data
+  - name: keys
+    mountPath: /home/django/keys
+  - name: logs
+    mountPath: /home/django/logs
+  - name: models
+    mountPath: /home/django/models
+  - name: share
+    mountPath: /home/django/share
+  - name: sys-namespace-config
+    mountPath: /etc/onepanel
+    readOnly: true
+- name: cvat-ui
+  image: onepanel/cvat-ui:0.12.0-rc.1_cvat.1.0.0
+  ports:
+  - containerPort: 80
+    name: http
+# You can add multiple FileSyncer sidecar containers if needed
+- name: filesyncer
+  image: onepanel/filesyncer:s3
+  imagePullPolicy: Always
+  args:
+  - download
+  env:
+  - name: FS_PATH
+    value: /mnt/share
+  - name: FS_PREFIX
+    value: '{{workflow.namespace}}/{{workspace.parameters.sync-directory}}'
+  volumeMounts:
+  - name: share
+    mountPath: /mnt/share
+  - name: sys-namespace-config
+    mountPath: /etc/onepanel
+    readOnly: true
+ports:
+- name: cvat-ui
+  port: 80
+  protocol: TCP
+  targetPort: 80
+- name: cvat
+  port: 8080
+  protocol: TCP
+  targetPort: 8080
+routes:
+- match:
+  - uri:
+      regex: /api/.*|/git/.*|/tensorflow/.*|/onepanelio/.*|/tracking/.*|/auto_annotation/.*|/analytics/.*|/static/.*|/admin/.*|/documentation/.*|/dextr/.*|/reid/.*
+  - queryParams:
+      id:
+        regex: \d+.*
+  route:
+  - destination:
+      port:
+        number: 8080
+  timeout: 600s
+- match:
+  - uri:
+      prefix: /
+  route:
+  - destination:
+      port:
+        number: 80
+  timeout: 600s
+# DAG Workflow to be executed once a Workspace action completes (optional)
+# Uncomment the lines below if you want to send Slack notifications
+#postExecutionWorkflow:
+#  entrypoint: main
+#  templates:
+#  - name: main
+#    dag:
+#       tasks:
+#       - name: slack-notify
+#         template: slack-notify
+#  - name: slack-notify
+#     container:
+#       image: technosophos/slack-notify
+#       args:
+#       - SLACK_USERNAME=onepanel SLACK_TITLE="Your workspace is ready" SLACK_ICON=https://www.gravatar.com/avatar/5c4478592fe00878f62f0027be59c1bd SLACK_MESSAGE="Your workspace is now running" ./slack-notify
+#       command:
+#       - sh
+#       - -c`
+
+func initialize20200824101905() {
+	if _, ok := initializedMigrations[20200824101905]; !ok {
+		goose.AddMigration(Up20200824101905, Down20200824101905)
+		initializedMigrations[20200824101905] = true
+	}
+}
+
+// Up20200824101905 updates the cvat workspace template
+func Up20200824101905(tx *sql.Tx) error {
+	// This code is executed when the migration is applied.
+	client, err := getClient()
+	if err != nil {
+		return err
+	}
+	defer client.DB.Close()
+
+	migrationsRan, err := getRanSQLMigrations(client)
+	if err != nil {
+		return err
+	}
+
+	if _, ok := migrationsRan[20200824101905]; ok {
+		return nil
+	}
+
+	namespaces, err := client.ListOnepanelEnabledNamespaces()
+	if err != nil {
+		return err
+	}
+
+	uid, err := uid2.GenerateUID(cvatTemplateName, 30)
+	if err != nil {
+		return err
+	}
+	workspaceTemplate := &v1.WorkspaceTemplate{
+		UID:         uid,
+		Name:        cvatTemplateName,
+		Manifest:    cvatWorkspaceTemplate6,
+		Description: "Powerful and efficient Computer Vision Annotation Tool (CVAT)",
+	}
+
+	for _, namespace := range namespaces {
+		artifactRepositoryType := "s3"
+		nsConfig, err := client.GetNamespaceConfig(namespace.Name)
+		if err != nil {
+			return err
+		}
+		if nsConfig.ArtifactRepository.GCS != nil {
+			artifactRepositoryType = "gcs"
+		}
+		workspaceTemplate.Manifest = strings.NewReplacer(
+			"{{.ArtifactRepositoryType}}", artifactRepositoryType).Replace(workspaceTemplate.Manifest)
+		if _, err := client.UpdateWorkspaceTemplate(namespace.Name, workspaceTemplate); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+// Down20200824101905 does nothing
+func Down20200824101905(tx *sql.Tx) error {
+	// This code is executed when the migration is rolled back.
+	return nil
+}

db/go/db.go

@@ -48,6 +48,9 @@ func Initialize() {
 	initialize20200812104328()
 	initialize20200812113316()
 	initialize20200814160856()
+	initialize20200824095513()
+	initialize20200824101019()
+	initialize20200824101905()
 
 	if err := client.DB.Close(); err != nil {
 		log.Printf("[error] closing db %v", err)

server/auth/auth.go

@@ -3,6 +3,7 @@ package auth
 import (
 	"context"
 	"errors"
+	"fmt"
 	"github.com/onepanelio/core/api"
 	"net/http"
 	"strings"
@@ -85,12 +86,13 @@ func IsAuthorized(c *v1.Client, namespace, verb, group, resource, name string) (
 		},
 	})
 
+	deniedMsg := fmt.Sprintf(`Permission denied. Namespace: '%v', Verb: '%v', Group: '%v', Resource '%v', Name: '%v'`, namespace, verb, group, resource, name)
 	if err != nil {
-		return false, status.Error(codes.PermissionDenied, "Permission denied.")
+		return false, status.Error(codes.PermissionDenied, deniedMsg)
 	}
 	allowed = review.Status.Allowed
 	if !allowed {
-		return false, status.Error(codes.PermissionDenied, "Permission denied.")
+		return false, status.Error(codes.PermissionDenied, deniedMsg)
 	}
 
 	return

server/auth_server.go

@@ -2,8 +2,10 @@ package server
 
 import (
 	"context"
+	"fmt"
 	"github.com/onepanelio/core/api"
 	v1 "github.com/onepanelio/core/pkg"
+	"github.com/onepanelio/core/pkg/util"
 	"github.com/onepanelio/core/server/auth"
 	"github.com/pkg/errors"
 	"google.golang.org/grpc/codes"
@@ -41,7 +43,7 @@ func (a *AuthServer) IsAuthorized(ctx context.Context, request *api.IsAuthorized
 	allowed, err := auth.IsAuthorized(client, request.IsAuthorized.Namespace, request.IsAuthorized.Verb, request.IsAuthorized.Group, request.IsAuthorized.Resource, request.IsAuthorized.ResourceName)
 	if err != nil {
 		res.Authorized = false
-		return res, err
+		return res, util.NewUserError(codes.PermissionDenied, fmt.Sprintf("Namespace: %v, Verb: %v, Group: \"%v\", Resource: %v. Source: %v", request.IsAuthorized.Namespace, request.IsAuthorized.Verb, request.IsAuthorized.Group, request.IsAuthorized.ResourceName, err))
 	}
 
 	res.Authorized = allowed