Page MenuHomePhabricator

Deploy Striker account creation and management workflow
Closed, ResolvedPublic

Description

Features included:

Deploy checklist:

  • create strikerbot only wikitech oauth consumer
  • update strikerbot groups to allow 2fa
  • get new secrets to a root for Puppet patch
  • verify config on californium
  • scap3 deploy
  • test login with 2fa protected account
  • test account creation via striker
  • verify that striker created account can log into wikitech
  • verify that striker created account can log into gerrit
  • test ssh key management via striker
  • test password change via striker
  • announce for others to poke at

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

The prod secrets need be appended to the existing to the existing striker::uwsgi::secret_config hiera hash and look something like:

striker::uwsgi::secret_config:
  wikitech:
    ACCESS_SECRET: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    ACCESS_TOKEN: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
    CONSUMER_SECRET: cccccccccccccccccccccccccccccccccccccccc
    CONSUMER_TOKEN: dddddddddddddddddddddddddddddddd