[Workbench] Support specifying group memberships for shell accounts
We need a way to list the groups a user should be part of on the node they can log in to.
Typical use cases:
a) docker group
b) admin group
Solution to implement¶
The simplest thing that could possibly work:
- can_login links grow a
groupsproperty, an array of group name strings.
- Workbench's user setup form has a text entry field for the administrator to enter a comma-separated list of group names. After setting up the user, Workbench updates the can_login link to include the list of groups as a property.
- The script that actually creates shell accounts from can_login links creates group memberships from the new
groupsproperty. (This is a separate story. This story is just about Workbench development.)
We know that this method is susceptible to typos—it will silently fail to set the desired group memberships if the admin makes a mistake entering the group memberships in the setup form. We consider that an acceptable risk/limitation for now.