action #6096: Restrict workers to have full API access by random, individual tokens (was: change worker authentication) - openQA Project - openSUSE Project Management Tool

Custom queries

All 'new' issues w/o assignee, sorted by version/priority
All auto_review tickets
All auto_review+force_result tickets
openQA Infrastructure Project
openqa-review - Closed tickets last updated by openqa-review, last 30 days
QA roadmap long-term
QA SLE functional
QA SLE Functional - closed in last 14 days
QA SLE Functional - High, need to be refined
QA SLE Functional - over cycle time median
QA SLE u
QA SLE y
QA tools (tag not necessary in openQA and subprojects)
QA tools tag (tag not necessary in openQA and subprojects; excluding tickets in "Ready" version as they are already on the backlog)
QAC - Backlog
QE tools team - backlog (ready issues)
QE tools team - backlog (w/o infra)
QE tools team - backlog SLA high
QE tools team - backlog SLA immediate
QE tools team - backlog SLA no immediate/urgent in feedback/blocked
QE tools team - backlog SLA normal
QE tools team - backlog SLA urgent
QE tools team - backlog SLO high
QE tools team - backlog SLO normal
QE tools team - backlog SLO urgent
QE tools team - backlog, high-level view (epics and higher)
QE tools team - backlog, non-reactive work, needs parent
QE tools team - backlog, top-level view (all sagas)
QE tools team - closed within last 14 days
QE tools team - closed within last 60 days
QE tools team - closed yesterday
QE Tools Team - Collaborative Session
QE tools team - due date forecast
QE Tools team - due soon
QE tools team - exceeding due-date
QE tools team - infrastructure backlog
QE tools team - next - sorted by update time
QE tools team - next issues
QE tools team - non-estimated (unblocked) issues (w/o infra)
QE tools team - ready issues - Workable
QE tools team - ready, not assigned/blocked/low
QE tools team - update forecast
QE tools team - updated by priority
QE tools team - what members of the team are working on - Feedback (not-low)
QE Tools Team Backlog By Assignee
Tools Team Retrospective
Tools Team Retrospective (not estimated or assigned)

Actions

Copy link

action #6096

closed

Restrict workers to have full API access by random, individual tokens (was: change worker authentication)

Added by lnussel over 9 years ago. Updated about 4 years ago.

Status:

Rejected

Priority:

Low

Assignee:

okurz

Category:

Feature requests

Target version:

QA - future

Start date:

2015-01-28

Due date:

% Done:

Estimated time:

Description

workers currently use user tokens and therefore have access to the full API. Workers should have differnt privileges that only allows them to grab jobs, set jobs to finish etc. That makes sure test code run by a worker cannot accidentally nor intentionally mess with the API.

Related issues 2 (0 open — 2 closed)

Related to openQA Project - action #6602: move worker credentials to workers.ini

Rejected

okurz

2015-03-10

Actions

Related to openQA Project - coordination #6558: [epic] add/edit/remove users

Resolved

okurz

2020-07-07

Actions

Issue # Delay: days Cancel

History
Notes
Property changes

Actions

Copy link

Updated by coolo over 9 years ago

And as dicussed in the hall earlier: every worker should have its own random token - and we should IMO offer an option to allow every worker to generate that token himself, i.e. plug&play.

Actions

Copy link

Updated by lnussel over 9 years ago

coolo wrote:

And as dicussed in the hall earlier: every worker should have its own random token - and we should IMO offer an option to allow every worker to generate that token himself, i.e. plug&play.

Yes. As long as we rely on nfs anyways I think the idea with dropping a token to the shared space would be ok for now too.

Actions

Copy link

Updated by lnussel about 9 years ago

Related to action #6602: move worker credentials to workers.ini added

Actions

Copy link

Updated by okurz over 8 years ago

Category set to 132

Actions

Copy link

Updated by okurz over 7 years ago

Target version set to future

Actions

Copy link

Updated by okurz almost 6 years ago

Target version changed from future to future

Actions

Copy link

Updated by okurz almost 5 years ago

Category changed from 132 to Feature requests

Actions

Copy link

Updated by okurz over 4 years ago

Status changed from New to Rejected
Assignee set to okurz

I think by now the design has changed enough to make this whole thing obsolete, e.g. we do not rely on NFS anymore.

Actions

Copy link

Updated by coolo over 4 years ago

Status changed from Rejected to New
Assignee deleted (~~okurz~~)

this has nothing to do with nfs

Actions

Copy link

#10

Updated by okurz over 4 years ago

Subject changed from change worker authentication to Restrict workers to have full API access by random, individual tokens (was: change worker authentication)

Changed the subject to reflect what I think you might want

Actions

Copy link

#11