Project

General

Profile

Actions

Feature #6254

closed

[Workbench] Support specifying group memberships for shell accounts

Added by Ward Vandewege over 9 years ago. Updated over 9 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Radhika Chippada
Category:
Workbench
Target version:
Story points:
1.0

Description

Original requirements

We need a way to list the groups a user should be part of on the node they can log in to.

Typical use cases:

a) docker group
b) admin group

Solution to implement

The simplest thing that could possibly work:

  • can_login links grow a groups property, an array of group name strings.
  • Workbench's user setup form has a text entry field for the administrator to enter a comma-separated list of group names. After setting up the user, Workbench updates the can_login link to include the list of groups as a property.
  • The script that actually creates shell accounts from can_login links creates group memberships from the new groups property. (This is a separate story. This story is just about Workbench development.)

We know that this method is susceptible to typos—it will silently fail to set the desired group memberships if the admin makes a mistake entering the group memberships in the setup form. We consider that an acceptable risk/limitation for now.


Subtasks 1 (0 open1 closed)

Task #6297: Review branch: 6254-groups-during-setupResolvedRadhika Chippada06/10/2015Actions

Related issues 1 (0 open1 closed)

Blocks Arvados - Idea #6320: [OPS] Shell account creation script supports `groups` properties in can_login linksResolvedBrett Smith06/16/2015Actions
Actions

Also available in: Atom PDF