People

Agenda

  • Discuss and decide goals for this iteration.

Notes

  • This iteration is about introducing a real IDP component to get rid of having each API client creating its own access tokens.

Roadmap until ALPHA-6

Tasks for this week

Tasks may be part of a project or be random small ones (max an hour) that just need doing.

what Who estimate(h)
Install Qvisqve in ick2-ansible Lars 1
Add IDP URL to controller /version Lars 1
Change client.py to fetch token from IDP Lars 1
Change icktool to use client.py Lars 1
Set up test instance, check that it works Lars 1
Total Lars 5

Task descriptions

  • Install Qvisqve in ick2-ansible: Add a role to ick2-ansible.git for installing Qvisqve on a host, and use that role in a playbook. The deployed Qvisqve should allow the user to define at least one pre-configured API client via parameters. The token signing key should of course also be provided by an Ansible variable.

    Acceptance criteria: Manually test that a Qvisqve server can be configured and that it grants tokens to a client.

  • Add IDP URL to controller /version: Add another field to the /version result, similar to artifact_store, but for the URL to the IDP. Call it auth_url. The URL will be provided by the controller configuration file.

    Acceptance criteria: Unit and integration tests check for the IDP URL in the /version result. Tests pass.

  • Change client.py to fetch token from IDP: Change the client.py module to retrieve the IDP URL from the controller, and fetch an access token from the IDP. Change worker-manager to use the new functionality and drop the token generation code.

    Acceptance criteria: Suitable unit tests have been added to the worker manager and they pass.

  • Change icktool to use client.py: icktool currently implements its own version for accessing the APIs and for generating tokens. Replace all of that with client.py instead.

    Acceptance criteria: Manually test that icktool can fetch a token from an IDP.

  • Set up test instance, check that it works: Test the playbook, icktool and worker-manager changes by setting up a fresh test instance, and adding projects to build a systree and to run something in a container using the systree.

    Acceptance criteria: Manually check that the builds pass in the test instance.