blob: 125427be82f35c61ae87aafe410f126862868c3a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
[[!meta title="Planning meeting (iteration 18)"]]
[[!tag meeting]]
[[!meta date="2018-04-06 15:13"]]
[[!meta author="liw"]]
People
=============================================================================
* [[people/liw]]
Agenda
=============================================================================
* Discuss and decide goals for this iteration.
Notes
=============================================================================
* This iteration is about introducing a real IDP component to get rid
of having each API client creating its own access tokens.
Roadmap until ALPHA-6
=============================================================================
@startroadmap
alpha6:
label: ALPHA-6
depends:
- alpha5
- docs
alpha5:
label: ALPHA-5
depends:
- alpha4
- notifications
- build_graph
- incremental
alpha4:
label: ALPHA-4
depends:
- qvisqve
- self_hosting
self_hosting:
label: |
ick builds,
publishes
its own .debs
notifications:
label: |
ick has a
rudimentary
notification
system
qvisqve:
label: |
ick uses Qvisqve
as an IDP
status: next
build_graph:
label: |
ick constructs a
build graph from
all pipelines at
trigger time
incremental:
label: |
ick can do
incremental
builds (reuse
workspaces
across builds)
docs:
label: |
there's sufficient
docs for others to
install ick for
themselves
@endroadmap
Tasks for this week
=============================================================================
Tasks may be part of a project or be random small ones (max an hour)
that just need doing.
[[!table data="""
what | Who | estimate(h)
Install Qvisqve in ick2-ansible | Lars | 1
Add IDP URL to controller /version | Lars | 1
Change `client.py` to fetch token from IDP | Lars | 1
Change `icktool` to use `client.py` | Lars | 1
Set up test instance, check that it works | Lars | 1
Total | Lars | 5
"""]]
Task descriptions
------------------------------------------------------------------------------
[Qvisqve]: http://www.qvarn.org/qvisqve/
* **Install Qvisqve in ick2-ansible:** Add a role to
`ick2-ansible.git` for installing [Qvisqve][] on a host, and use
that role in a playbook. The deployed Qvisqve should allow the user
to define at least one pre-configured API client via parameters. The
token signing key should of course also be provided by an Ansible
variable.
_Acceptance criteria:_ Manually test that a Qvisqve server can be
configured and that it grants tokens to a client.
* **Add IDP URL to controller /version:** Add another field to the
`/version` result, similar to `artifact_store`, but for the URL to
the IDP. Call it `auth_url`. The URL will be provided by the
controller configuration file.
_Acceptance criteria:_ Unit and integration tests check for the IDP
URL in the `/version` result. Tests pass.
* **Change `client.py` to fetch token from IDP:** Change the
`client.py` module to retrieve the IDP URL from the controller, and
fetch an access token from the IDP. Change worker-manager to use the
new functionality and drop the token generation code.
_Acceptance criteria:_ Suitable unit tests have been added to the
worker manager and they pass.
* **Change `icktool` to use `client.py`:** `icktool` currently
implements its own version for accessing the APIs and for generating
tokens. Replace all of that with `client.py` instead.
_Acceptance criteria:_ Manually test that `icktool` can fetch a
token from an IDP.
* **Set up test instance, check that it works:** Test the playbook,
`icktool` and worker-manager changes by setting up a fresh test
instance, and adding projects to build a systree and to run
something in a container using the systree.
_Acceptance criteria:_ Manually check that the builds pass in the
test instance.
|