Page MenuHomePhabricator
Create Task
Maniphest T351752

Implement access control via Puppet
Open, LowPublic5 Estimated Story Points
Actions

Description

A/C
GIVEN Esha has created an environment
WHEN the environment has spun up and is ready to use
THEN Esha should have SSH access to her instance
AND members of the catalyst project should have SSH access to her project
AND no one else should have SSH access to her project

GIVEN Esha's team mate has been granted access to Esha's environment
WHEN he attempts to SSH into Esha's environment
THEN he should be able to log in
AND he shouldn't have to wait more than a couple of minutes before gaining access

For this, operations-puppet/production/modules/profile/manifests/ldap/client/labs.pp needs to be modified so that access can be managed on a per-ldap-user basis, in addition to the current per-ldap-group setup. More details in T349637: EXPLORE restricting users' access to specific test environments

Related Objects

Event Timeline

Slst2020 created this task.Nov 21 2023, 5:19 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 21 2023, 5:19 PM
Slst2020 updated the task description. (Show Details)Nov 21 2023, 5:20 PM
Slst2020 set the point value for this task to 5.
thcipriani triaged this task as Low priority.Jan 29 2024, 6:31 PM
thcipriani subscribed.

Assigning a lower priority based on the Catalyst workboard check-in today.

Work for this has yet to begin, and given the focus on the test engineer use-case, this task may have a lower priority.

Slst2020 added a comment.Feb 1 2024, 3:56 PM

We now have support for unmanaged (unpuppetized) instances, so this should no longer be necessary.

thcipriani edited projects, added Catalyst (Prototype leftovers 🍱); removed Catalyst (Prototype API).Mar 18 2024, 12:56 PM
thcipriani moved this task from Backlog to API on the Catalyst (Prototype leftovers 🍱) board.Mar 18 2024, 12:56 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL