[[!meta title="Planning meeting (iteration 18)"]] [[!tag meeting]] [[!meta date="2018-04-06 15:13"]] [[!meta author="liw"]] People ============================================================================= * [[people/liw]] Agenda ============================================================================= * Discuss and decide goals for this iteration. Notes ============================================================================= * This iteration is about introducing a real IDP component to get rid of having each API client creating its own access tokens. Roadmap until ALPHA-6 ============================================================================= @startroadmap alpha6: label: ALPHA-6 depends: - alpha5 - docs alpha5: label: ALPHA-5 depends: - alpha4 - notifications - build_graph - incremental alpha4: label: ALPHA-4 depends: - qvisqve - self_hosting self_hosting: label: | ick builds, publishes its own .debs notifications: label: | ick has a rudimentary notification system qvisqve: label: | ick uses Qvisqve as an IDP status: next build_graph: label: | ick constructs a build graph from all pipelines at trigger time incremental: label: | ick can do incremental builds (reuse workspaces across builds) docs: label: | there's sufficient docs for others to install ick for themselves @endroadmap Tasks for this week ============================================================================= Tasks may be part of a project or be random small ones (max an hour) that just need doing. [[!table data=""" what | Who | estimate(h) Install Qvisqve in ick2-ansible | Lars | 1 Add IDP URL to controller /version | Lars | 1 Change `client.py` to fetch token from IDP | Lars | 1 Change `icktool` to use `client.py` | Lars | 1 Set up test instance, check that it works | Lars | 1 Total | Lars | 5 """]] Task descriptions ------------------------------------------------------------------------------ [Qvisqve]: http://www.qvarn.org/qvisqve/ * **Install Qvisqve in ick2-ansible:** Add a role to `ick2-ansible.git` for installing [Qvisqve][] on a host, and use that role in a playbook. The deployed Qvisqve should allow the user to define at least one pre-configured API client via parameters. The token signing key should of course also be provided by an Ansible variable. _Acceptance criteria:_ Manually test that a Qvisqve server can be configured and that it grants tokens to a client. * **Add IDP URL to controller /version:** Add another field to the `/version` result, similar to `artifact_store`, but for the URL to the IDP. Call it `auth_url`. The URL will be provided by the controller configuration file. _Acceptance criteria:_ Unit and integration tests check for the IDP URL in the `/version` result. Tests pass. * **Change `client.py` to fetch token from IDP:** Change the `client.py` module to retrieve the IDP URL from the controller, and fetch an access token from the IDP. Change worker-manager to use the new functionality and drop the token generation code. _Acceptance criteria:_ Suitable unit tests have been added to the worker manager and they pass. * **Change `icktool` to use `client.py`:** `icktool` currently implements its own version for accessing the APIs and for generating tokens. Replace all of that with `client.py` instead. _Acceptance criteria:_ Manually test that `icktool` can fetch a token from an IDP. * **Set up test instance, check that it works:** Test the playbook, `icktool` and worker-manager changes by setting up a fresh test instance, and adding projects to build a systree and to run something in a container using the systree. _Acceptance criteria:_ Manually check that the builds pass in the test instance.