#7596 Fedora identity request for packit
Closed: Fixed 5 years ago by pingou. Opened 5 years ago by ttomecek.

  • Describe what you need us to do:

FESCo approved our automation system, hence I'd like to request the credentials:

* Name: packit
* We need FAS
* Kerberos keytab file
* Ability to upload to lookaside cache
* src.fp.o: API token with perms to fork repos, generic read access and create PRs
* please let the token be valid for a year

  • When do you need this? (YYYY/MM/DD)
    2019/03/15

  • When is this no longer needed or useful? (YYYY/MM/DD)
    N/A

  • If we cannot complete your request, what is the impact?
    We won't be able to meet goals of our team.


Metadata Update from @bowlofeggs:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: authentication

5 years ago

@ttomecek could you please create the FAS account itself, so you can create and manage the API tokens yourself?
After you have created the user, we can generate a Kerberos keytab for you, but would like verification from you that you (or whomever we send the keytab to on your request) will take responsibility for anything that would happen with the credentials (keytab).

Thank you, I just created a new FAS account: packit.

@ttomecek can you give us a positive assent/agreement to "that you (or whomever we send the keytab to on your request) will take responsibility for anything that would happen with the credentials (keytab)."

We like to have a formal agreement for recordkeeping. Thanks!

We take full responsibility for the keytab and all actions which will be performed using it.

Any update here?

I know that you guys are busy with F30 right now. In terms of priorities, this will be a hard blocker for us within a few weeks.

Also please bear in mind that we request two things here:

  • a Kerberos keytab
  • a src.fp.o API token

Thank you.

I've mailed you a keytab.

@pingou I can't seem to make the token with pagure-admin unless there is a packit user, is there a way around that or should we make a bot user?

@ttomecek could you log in on src.fp.o and src.stg.fp.o (if you want it as well) so the account gets created? From there pagure-admin should be able to create the token :)

@kevin Thank you, I have the keytab locally now.

@pingou I just logged in (just a note that I received 500 upon login). The keytab is only valid for prod, not for stg.

Thank you, gentlemen!

@ttomecek it looks like the packit user was not created: https://src.fedoraproject.org/user/packit

Feel free to ping me on IRC, I'll tail the logs to see where this 500 is coming from

@ttomecek the ACLs you need are all available to all users in their settings page. So you should be able to create the token yourself using the UI and logging in as packit.

Once this is done, let me know, I can expand the lifespan on this token :)

We sorted this over IRC, thank you very much!

Closing as fixed, thanks for your patience @ttomecek :)

Metadata Update from @pingou:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

5 years ago
