Maniphest T365724

[infra] Allow users to self-rotate the all the credentials
Open, MediumPublic
Actions

Assigned To

None

Authored By

	dcaro
	May 23 2024, 3:19 PM

Tags

Referenced Files

None

Subscribers

Description

This task is to explore if we can and want to allow toolforge users to be able to self-rotate their credentials.

Current credentials:

k8s/api certs <- users can self-rotate (generate new certs), but old certs can't be revoked, see T365681: toolforge: kubernetes can't revoke certificates
replica database credentials <- this and the next need admin action
toolsdb credentials

This might influence the following:

This was created following up on T365644: Remote Code Execution on svgtranslate

Related Objects

Mentioned Here: T365681: toolforge: kubernetes can't revoke certificates
T365644: Remote Code Execution on svgtranslate
T358496: [toolforge,storage] Provide per-tool access to cloud-vps object storage
T363983: [toolforge] Investigate authentication

Event Timeline

dcaro created this task.May 23 2024, 3:19 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 23 2024, 3:19 PM

dcaro updated the task description. (Show Details)May 23 2024, 3:20 PM

• aborrero updated the task description. (Show Details)May 23 2024, 3:22 PM

• aborrero added a project: User-aborrero.

• aborrero updated the task description. (Show Details)

• aborrero moved this task from Backlog to Radar/observer on the User-aborrero board.

dcaro updated the task description. (Show Details)May 23 2024, 3:25 PM

dcaro triaged this task as Medium priority.May 28 2024, 3:20 PM