On Mon, 7 May 2012 12:26:00 +0200, Alexander Sack asac@linaro.org wrote:
On Mon, May 7, 2012 at 12:19 PM, Loïc Minier loic.minier@linaro.org wrote:
On Mon, May 07, 2012, Michael Hudson wrote:
- Another way is to create a user that does not correspond to a user on
LP (gfx-daily-job-submitter or somethign) and add it to the linaro group on v.l.o. This feels a bit better, but it's not very 'self service' -- the only way to create such a user is via the admin panel afaik.
This seems fine to me; creating a machine-to-machine account/setup seems like a one-off action which doesn't need to involve LP. We could share a single set of LAVA credentials for all jobs coming from ci.linaro.org.
If this isn't automated enough, we could have a way to create new LAVA credentials for anyone in a specific Launchpad team?
Yes, machine to machine is the way to go...
But, I don't think we need specific users like gfx-... we just need _one_ user shared by all @linaro.org protected jobs. This should be configured on the backend side for all @linaro.org transparently so the user (alf) does not need to bother about it...
That should be simple to setup and shouldn't require lot's of maintenance nor any further sophistication.
I think that makes sense. The necessity of the infrastructure team sharing the password of this user still doesn't seem like a great thing, but maybe that's OK for now.
(In the medium term, maybe we should be able to associate tokens with groups, and any member of the group can manage tokens associated with the group?)
Cheers, mwh