Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow tasks to access production via temporary maintainer tokens #1260

Closed
wants to merge 5 commits into from
Closed

Allow tasks to access production via temporary maintainer tokens #1260

wants to merge 5 commits into from

Conversation

rocketeerbkw
Copy link
Member

Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated.
  • Changelog entry has been written

With the RBAC changes, access to the API via cli containers was given via guest permissions. This prevented the tasks from doing syncs from production environments. This PR adds a default maintainer user to every project, with no password and no ssh key (so logins with this user aren't allowed). Additionally, the api client requests a new access token for the maintainer and passes that to the task container. The ssh server was modified to allow passing a LAGOON_TOKEN environment variable that it will uses to check permissions.

Changelog Entry

Improvement - Allow tasks to access production via temporary maintainer tokens (#1229)
Bugfix - Prevent lagoon images from interfering with pygmy

Closing issues

closes #1229

@Schnitzel
Copy link
Contributor

@rocketeerbkw can you fix the conflict? thank you

@Schnitzel Schnitzel mentioned this pull request Sep 23, 2019
Closed
@Schnitzel Schnitzel added this to the v1.2.0 milestone Oct 1, 2019
@Schnitzel Schnitzel removed this from the v1.2.0 milestone Nov 18, 2019
@tobybellwood tobybellwood added the 1-api-auth API & Authentication subsystem label Dec 18, 2019
@rocketeerbkw rocketeerbkw marked this pull request as draft April 16, 2020 19:49
@tobybellwood tobybellwood added lagoon-one and removed 1-api-auth API & Authentication subsystem labels May 24, 2021
@tobybellwood tobybellwood modified the milestone: v3.0.0 May 24, 2021
@tobybellwood tobybellwood mentioned this pull request May 25, 2021
Closed
25 tasks
@tobybellwood
Copy link
Member

default-uisers were given maintainer access a while back, closing!

@tobybellwood tobybellwood deleted the 1229-task-maintainer-tokens branch July 4, 2024 22:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
lagoon-one
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Inject Token with Maintainer Access into Task Pods
3 participants
@rocketeerbkw @Schnitzel @tobybellwood