blog/2018/04/06/planning_meeting_iteration_18.mdwn


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150

[[!meta title="Planning meeting (iteration 18)"]]
[[!tag meeting]]
[[!meta date="2018-04-06 15:13"]]
[[!meta author="liw"]]

People
=============================================================================

* [[people/liw]]

Agenda
=============================================================================

* Discuss and decide goals for this iteration.

Notes
=============================================================================

* This iteration is about introducing a real IDP component to get rid
  of having each API client creating its own access tokens.

Roadmap until ALPHA-6
=============================================================================

    @startroadmap
    alpha6:
      label: ALPHA-6
      depends:
        - alpha5
        - docs

    alpha5:
      label: ALPHA-5
      depends:
        - alpha4
        - notifications
        - build_graph
        - incremental

    alpha4:
      label: ALPHA-4
      depends:
        - qvisqve
        - self_hosting

    self_hosting:
      label: |
        ick builds,
        publishes
        its own .debs

    notifications:
      label: |
        ick has a
        rudimentary
        notification
        system

    qvisqve:
      label: |
        ick uses Qvisqve
        as an IDP
      status: next

    build_graph:
      label: |
        ick constructs a
        build graph from
        all pipelines at
        trigger time

    incremental:
      label: |
        ick can do
        incremental
        builds (reuse
        workspaces
        across builds)

    docs:
      label: |
        there's sufficient
        docs for others to
        install ick for
        themselves
    @endroadmap

Tasks for this week
=============================================================================

Tasks may be part of a project or be random small ones (max an hour)
that just need doing.

[[!table data="""
what                                        | Who   | estimate(h)

Install Qvisqve in ick2-ansible             | Lars  | 1
Add IDP URL to controller /version          | Lars  | 1
Change `client.py` to fetch token from IDP  | Lars  | 1
Change `icktool` to use `client.py`         | Lars  | 1
Set up test instance, check that it works   | Lars  | 1

Total                                       | Lars  | 5
"""]]

Task descriptions
------------------------------------------------------------------------------

[Qvisqve]: http://www.qvarn.org/qvisqve/

* **Install Qvisqve in ick2-ansible:** Add a role to
  `ick2-ansible.git` for installing [Qvisqve][] on a host, and use
  that role in a playbook. The deployed Qvisqve should allow the user
  to define at least one pre-configured API client via parameters. The
  token signing key should of course also be provided by an Ansible
  variable.

  _Acceptance criteria:_ Manually test that a Qvisqve server can be
  configured and that it grants tokens to a client.

* **Add IDP URL to controller /version:** Add another field to the
  `/version` result, similar to `artifact_store`, but for the URL to
  the IDP. Call it `auth_url`. The URL will be provided by the
  controller configuration file.

  _Acceptance criteria:_ Unit and integration tests check for the IDP
  URL in the `/version` result. Tests pass.

* **Change `client.py` to fetch token from IDP:** Change the
  `client.py` module to retrieve the IDP URL from the controller, and
  fetch an access token from the IDP. Change worker-manager to use the
  new functionality and drop the token generation code.

  _Acceptance criteria:_ Suitable unit tests have been added to the
  worker manager and they pass.

* **Change `icktool` to use `client.py`:** `icktool` currently
  implements its own version for accessing the APIs and for generating
  tokens. Replace all of that with `client.py` instead.

  _Acceptance criteria:_ Manually test that `icktool` can fetch a
  token from an IDP.

* **Set up test instance, check that it works:** Test the playbook,
  `icktool` and worker-manager changes by setting up a fresh test
  instance, and adding projects to build a systree and to run
  something in a container using the systree.

  _Acceptance criteria:_ Manually check that the builds pass in the
  test instance.