Closed Bug 734140 Opened 12 years ago Closed 12 years ago

Need an LDAP account for automation

Categories

(Infrastructure & Operations :: Infrastructure: Other, task)

Product:
Infrastructure & Operations
Component:
Infrastructure: Other
Platform:
x86
macOS
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mdas, Assigned: jabba)

Details

Attachments

(1 file, 1 obsolete file)

ssh pub key
417 bytes, text/plain
Details 
As described in Bug 733836, I'm setting up some automation to mirror a git repository to an hg repo in hg.mozilla.org. I want this automation to have its own LDAP account, and to grant it commit access only certain hg.mozilla.org/projects. 

Automated mirroring is something that our team is going be involved with more, so being able to grant commit access to a select few repositories in hg.mozilla.org would be the right way to go about it in the event that any of these automation machines get compromised.
Assignee: desktop-support → aignacio
Assignee: aignacio → mozillamarcia.knous
Component: Server Operations: Account Requests → Repository Account Requests
QA Contact: tfairfield → repo-acct-req
Malini: I imagine you want something similar to Bug 531141?
Maybe, if the calbld user has restricted access to only certain repos (under hg.mozilla.org/projects for us specifically). I didn't find the bug very clear.
This is a server-ops task. I'm guessing that this kind of restricted HG account is going to be troublesome to implement, given the current levels setup.

Which exact repositories do you want this account to have access to?
Assignee: mozillamarcia.knous → server-ops-devservices
Component: Repository Account Requests → Server Operations: Developer Services
QA Contact: repo-acct-req → shyam
(In reply to Gavin Sharp (use gavin@gavinsharp.com for email) from comment #3)
> This is a server-ops task. I'm guessing that this kind of restricted HG
> account is going to be troublesome to implement, given the current levels
> setup.
> 
> Which exact repositories do you want this account to have access to?

The repository in question is yet to be created (Bug 733836), but this is going to be an automation LDAP account, so as more projects on the ateam's side need repository automation, more repositories will be added. At the moment, I'll just need access to the repository created in Bug 733836.
We will be running our automation from an internal machine, so we won't need to restrict its commit access to particular repositories.

We now only need this account to have level 2 commit access. Any idea when we can get this LDAP account created?
LDAP stuff is handled by the infra team, reassigning.
Assignee: server-ops-devservices → server-ops-infra
Component: Server Operations: Developer Services → Server Operations: Infrastructure
QA Contact: shyam → jdow
Assignee: server-ops-infra → jdow
I'll need:

The name of the account
a public ssh key for the account
an ack from gavin to grant scm_level_2 privileges
Attached file ssh pub key (obsolete) — 
Hey there,

"automation" should be a good name for the account. If that's taken, then "ateamauto" should be fine.
Summary: Need a restricted LDAP account for automation → Need an LDAP account for automation
Attached file ssh pub key 
The previous public key was for an older automation machine. Updating the attachment for the new machine.
Attachment #615938 - Attachment is obsolete: true
Ok, account is created, pubkey associated. The account is uid=ateamauto,ou=logins,dc=mozilla and has the "mail" attribute of "ateamauto@mozilla.com", which is a dummy mail address, but that is the username needed for hg, so the machine's ~/.ssh/config will need these lines in it:

Host hg.mozilla.org
User ateamauto@mozilla.com

It's all set to go, but I'm waiting for the ack for addition to the scm_level_1 and scm_level_2 groups.
Go ahead and enable scm_level_1/scm_level_2.
Done! You should be good to go here.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Component: Server Operations: Infrastructure → Infrastructure: Other
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: