Project

General

Profile

Actions

Support #19140

closed

Document a process by which you would set up a service account

Added by Peter Amstutz about 2 years ago. Updated 26 days ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Documentation
Due date:
Story points:
1.0
Release relationship:
Auto

Description

  1. Admin creates user
  2. User is activated
  3. Admin can grant can_manage to the service account user to managing user or group
  4. How managing users or groups can access service account and manipulate tokens

Add page to the admin section that shows how to create the user and create tokens for that user using command line tools.

Need to confirm:

  • Behavior of creating user without an email by admin
  • Ability for users with can_manage to issue tokens

Subtasks 1 (0 open1 closed)

Task #21053: Review 19140-service-acct-creation-docResolvedLucas Di Pentima10/09/2023Actions
Actions #1

Updated by Peter Amstutz about 2 years ago

  • Description updated (diff)
Actions #2

Updated by Peter Amstutz about 2 years ago

  • Description updated (diff)
Actions #3

Updated by Peter Amstutz about 2 years ago

  • Description updated (diff)
Actions #4

Updated by Peter Amstutz about 2 years ago

  • Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
Actions #6

Updated by Peter Amstutz almost 2 years ago

  • Target version changed from 2022-06-22 Sprint to 2022-07-20
Actions #7

Updated by Peter Amstutz almost 2 years ago

  • Target version changed from 2022-07-20 to 2022-08-31 sprint
Actions #8

Updated by Peter Amstutz almost 2 years ago

  • Target version changed from 2022-08-31 sprint to 2022-09-28 sprint
Actions #9

Updated by Peter Amstutz almost 2 years ago

  • Target version changed from 2022-09-28 sprint to 2022-10-12 sprint
Actions #10

Updated by Peter Amstutz almost 2 years ago

  • Target version changed from 2022-10-12 sprint to 2022-11-23 sprint
Actions #11

Updated by Peter Amstutz over 1 year ago

  • Target version deleted (2022-11-23 sprint)
Actions #12

Updated by Peter Amstutz over 1 year ago

  • Target version set to 2023-02-01 sprint
Actions #13

Updated by Peter Amstutz over 1 year ago

  • Target version changed from 2023-02-01 sprint to Future
Actions #14

Updated by Peter Amstutz over 1 year ago

  • Assigned To set to Peter Amstutz
Actions #15

Updated by Peter Amstutz over 1 year ago

  • Release set to 59
  • Story points set to 1.0
  • Target version deleted (Future)
  • Assigned To deleted (Peter Amstutz)
  • Description updated (diff)
Actions #16

Updated by Peter Amstutz over 1 year ago

  • Category set to Documentation
Actions #17

Updated by Peter Amstutz over 1 year ago

  • Tracker changed from Feature to Support
Actions #18

Updated by Peter Amstutz over 1 year ago

  • Target version set to To be scheduled
Actions #19

Updated by Peter Amstutz 8 months ago

  • Target version changed from To be scheduled to Development 2023-10-11 sprint
  • Assigned To set to Lucas Di Pentima
Actions #20

Updated by Lucas Di Pentima 8 months ago

  • Status changed from New to In Progress
Actions #21

Updated by Lucas Di Pentima 8 months ago

I've done the following tests:

As an admin...

  1. Created a user with: arv user create -u '{"username":"svcaccount1", "first_name":"Service", "last_name":"Account 1"}'
  2. Set its is_active field to true with arv edit zzzzz-tpzed-svcaccount1
  3. Succesfully created token for user: arv api_client_authorization create -a '{"owner_uuid":"zzzzz-tpzed-svcaccount1"}'
  4. Shared a project with this service account
  5. Used the created v2 token to correctly arv-mount and confirm the shared (and other public) project are visible
  6. Created a can_manage link to give permissions to a non-admin user: arv link create -l '{"link_class":"permission","name":"can_manage","tail_uuid":"zzzzz-tpzed-nonadminuser", "head_uuid":"zzzzz-tpzed-svcaccount1"}'

As a non-admin user (zzzzz-tpzed-nonadminuser)...

  1. Failed at creating token for svcaccount1: arv api_client_authorization create -a '{"owner_uuid":"zzzzz-tpzed-svcaccount1"}' (got ArvadosModel::PermissionDeniedError exception)
Actions #22

Updated by Lucas Di Pentima 8 months ago

Updates at 9d1eefc4d6 - branch 19140-service-acct-creation-doc
Test run: developer-run-tests-doc-and-sdk-R: #2015

  • Adds a TOC to the User Management admin page
  • Adds a section about managing service accounts, with links to already existing examples on how to create and activate users, and create tokens for them through an admin account.
Actions #23

Updated by Peter Amstutz 8 months ago

  • Target version changed from Development 2023-10-11 sprint to Development 2023-10-25 sprint
Actions #24

Updated by Peter Amstutz 7 months ago

Lucas Di Pentima wrote in #note-22:

Updates at 9d1eefc4d6 - branch 19140-service-acct-creation-doc
Test run: developer-run-tests-doc-and-sdk-R: #2015

  • Adds a TOC to the User Management admin page
  • Adds a section about managing service accounts, with links to already existing examples on how to create and activate users, and create tokens for them through an admin account.

In the last paragraph, you should link to admin/scoped-tokens.html. It would also be a helpful to mention that the field expires_at by name.

The rest LGTM.

Actions #25

Updated by Lucas Di Pentima 7 months ago

  • % Done changed from 0 to 100
  • Status changed from In Progress to Resolved
Actions #26

Updated by Peter Amstutz 26 days ago

  • Release set to 67
Actions

Also available in: Atom PDF