Project

General

Profile

action #6096

Restrict workers to have full API access by random, individual tokens (was: change worker authentication)

Added by lnussel over 5 years ago. Updated 5 months ago.

Status:
Rejected
Priority:
Low
Assignee:
Category:
Feature requests
Target version:
Start date:
2015-01-28
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

workers currently use user tokens and therefore have access to the full API. Workers should have differnt privileges that only allows them to grab jobs, set jobs to finish etc. That makes sure test code run by a worker cannot accidentally nor intentionally mess with the API.


Related issues

Related to openQA Project - action #6602: move worker credentials to workers.iniRejected2015-03-10

Related to openQA Project - action #6558: [epic] add/edit/remove usersResolved2020-07-07

History

#1 Updated by coolo over 5 years ago

And as dicussed in the hall earlier: every worker should have its own random token - and we should IMO offer an option to allow every worker to generate that token himself, i.e. plug&play.

#2 Updated by lnussel over 5 years ago

coolo wrote:

And as dicussed in the hall earlier: every worker should have its own random token - and we should IMO offer an option to allow every worker to generate that token himself, i.e. plug&play.

Yes. As long as we rely on nfs anyways I think the idea with dropping a token to the shared space would be ok for now too.

#3 Updated by lnussel over 5 years ago

  • Related to action #6602: move worker credentials to workers.ini added

#4 Updated by okurz over 4 years ago

  • Category set to 132

#5 Updated by okurz almost 4 years ago

  • Target version set to future

#6 Updated by okurz over 2 years ago

  • Target version changed from future to future

#7 Updated by okurz over 1 year ago

  • Category changed from 132 to Feature requests

#8 Updated by okurz about 1 year ago

  • Status changed from New to Rejected
  • Assignee set to okurz

I think by now the design has changed enough to make this whole thing obsolete, e.g. we do not rely on NFS anymore.

#9 Updated by coolo about 1 year ago

  • Status changed from Rejected to New
  • Assignee deleted (okurz)

this has nothing to do with nfs

#10 Updated by okurz about 1 year ago

  • Subject changed from change worker authentication to Restrict workers to have full API access by random, individual tokens (was: change worker authentication)

Changed the subject to reflect what I think you might want

#11 Updated by okurz 9 months ago

  • Related to action #6558: [epic] add/edit/remove users added

#12 Updated by okurz 6 months ago

  • Priority changed from Normal to Low

#13 Updated by okurz 5 months ago

  • Status changed from New to Rejected
  • Assignee set to okurz

-> #65271

Also available in: Atom PDF