• Discuss and decide goals for this iteration.


  • This iteration is about introducing a real IDP component to get rid of having each API client creating its own access tokens.

Roadmap until ALPHA-6

  label: ALPHA-6
    - alpha5
    - docs

  label: ALPHA-5
    - alpha4
    - notifications
    - build_graph
    - incremental

  label: ALPHA-4
    - qvisqve
    - self_hosting

  label: |
    ick builds,
    its own .debs

  label: |
    ick has a

  label: |
    ick uses Qvisqve
    as an IDP
  status: next

  label: |
    ick constructs a
    build graph from
    all pipelines at
    trigger time

  label: |
    ick can do
    builds (reuse
    across builds)

  label: |
    there's sufficient
    docs for others to
    install ick for

Tasks for this week

Tasks may be part of a project or be random small ones (max an hour) that just need doing.

what Who estimate(h)
Install Qvisqve in ick2-ansible Lars 1
Add IDP URL to controller /version Lars 1
Change to fetch token from IDP Lars 1
Change icktool to use Lars 1
Set up test instance, check that it works Lars 1
Total Lars 5

Task descriptions

  • Install Qvisqve in ick2-ansible: Add a role to ick2-ansible.git for installing Qvisqve on a host, and use that role in a playbook. The deployed Qvisqve should allow the user to define at least one pre-configured API client via parameters. The token signing key should of course also be provided by an Ansible variable.

    Acceptance criteria: Manually test that a Qvisqve server can be configured and that it grants tokens to a client.

  • Add IDP URL to controller /version: Add another field to the /version result, similar to artifact_store, but for the URL to the IDP. Call it auth_url. The URL will be provided by the controller configuration file.

    Acceptance criteria: Unit and integration tests check for the IDP URL in the /version result. Tests pass.

  • Change to fetch token from IDP: Change the module to retrieve the IDP URL from the controller, and fetch an access token from the IDP. Change worker-manager to use the new functionality and drop the token generation code.

    Acceptance criteria: Suitable unit tests have been added to the worker manager and they pass.

  • Change icktool to use icktool currently implements its own version for accessing the APIs and for generating tokens. Replace all of that with instead.

    Acceptance criteria: Manually test that icktool can fetch a token from an IDP.

  • Set up test instance, check that it works: Test the playbook, icktool and worker-manager changes by setting up a fresh test instance, and adding projects to build a systree and to run something in a container using the systree.

    Acceptance criteria: Manually check that the builds pass in the test instance.