Currently new users are added to Bastion via wikitech. That's fine, but as we move to user creation via Striker (or tool-to-be-named-later) this will have to be done elsewhere, probably by Keystone. It's easy, I think.
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Addshore | T165294 Add "GoranSMilovanovic" to labs "bastion" project | |||
Resolved | Andrew | T165343 Reconsider WMCS user creation workflow w/out OSM | |||
Resolved | Andrew | T165337 Add new users to 'bastion' project via a Keystone hook |
Event Timeline
We probably don't want to add them to bastion on account creation. I think the equivalent of the OSM logic would be to check for bastion membership when changing project roles and grant the user role in the bastion project if it doesn't exist.
Seems likely this hit @aborrero and I fixed it by adding him to chasetest project via wikitech:
uid=18194(aborrero) gid=500(wikidev) groups=50380(project-tools),500(wikidev)
then
uid=18194(aborrero) gid=500(wikidev) groups=50062(project-bastion),50380(project-tools),52223(project-chasetest),500(wikidev)
Change 436570 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] keystonehooks: Add any new project member to bastion
Change 436570 merged by Andrew Bogott:
[operations/puppet@production] keystonehooks: Add any new project member to bastion
Change 436955 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] keystonehooks: only add users to bastion if they have the 'user' role
Change 436955 merged by Andrew Bogott:
[operations/puppet@production] keystonehooks: only add users to bastion if they have the 'user' role