Arvados

Personally I don't like doing --system level configurations because we could be using git clone for other stuff, with unwanted consecuences. Correct me if I'm wrong the "git config" could be done when the user is created and only once. sound like a job for /usr/local/arvados/install-arvados-tokens.rb or /usr/local/arvados/update-shell-accounts.rb.

Nico Cesar wrote:

Personally I don't like doing --system level configurations because we could be using git clone for other stuff

This config only applies to urls with the given form, and only if not overridden in --global or per-repo configs or on the command line. It looks like this in .gitconfig:

[credential "https://git.zzzzz.arvadosapi.com/"]
    username = none
    helper = "!cred(){ cat >/dev/null; if [ \"$1\" = get ]; then echo password=$ARVADOS_API_TOKEN; fi; };cred" 

Using "git clone for other stuff" wouldn't be affected unless it was cloning from https://git.zzzzz.arvadosapi.com/ (and didn't want to specify/override). And Arvados tokens are the only way to authenticate to those URLs. Using "your token" automatically for arvados git urls seems no more intrusive than defaulting to ~/.ssh/id authentication for SSH git urls...?

I figured using system level config would make it easier for us to update the default/automatic config without mucking with users' own configs. But I suppose that only holds for shared shell VMs, so maybe it's no big win.

Anyway, if it makes more sense to put it in each user's ~/.gitconfig that's totally fine. As long as it's enabled by default for all logins, it's all the same to me...

(.. I agree on all the stuff cutted here...)

Tom Clegg wrote:

I figured using system level config would make it easier for us to update the default/automatic config without mucking with users' own configs. But I suppose that only holds for shared shell VMs, so maybe it's no big win.

Anyway, if it makes more sense to put it in each user's ~/.gitconfig that's totally fine. As long as it's enabled by default for all logins, it's all the same to me...

it's almost the same effort for the current state of the art. one is a global file provided by puppet, the other one is modifing the create_user script.

I have no strong preferences here. I think the user modification will keep it more aisolated. proabably is better down the road... but again. no particular preference.

any comment on thiss ward?

Nico Cesar wrote:

(.. I agree on all the stuff cutted here...)

Tom Clegg wrote:

I figured using system level config would make it easier for us to update the default/automatic config without mucking with users' own configs. But I suppose that only holds for shared shell VMs, so maybe it's no big win.

Anyway, if it makes more sense to put it in each user's ~/.gitconfig that's totally fine. As long as it's enabled by default for all logins, it's all the same to me...

it's almost the same effort for the current state of the art. one is a global file provided by puppet, the other one is modifing the create_user script.

I have no strong preferences here. I think the user modification will keep it more aisolated. proabably is better down the road... but again. no particular preference.

any comment on this ward?

Systemwide seems fine since it's pretty narrow. Agree on the potential pitfalls of doing this systemwide by default, but it's only for the local git repo and users can still override this locally.

"Configure git to use the ARVADOS_API_TOKEN environment variable to authenticate to gitolite."

That's not quite right, it uses the ARVADOS_API_TOKEN to talk to arv-git-httpd, not gitolite. This should say:

"Configure git to use the ARVADOS_API_TOKEN environment variable to authenticate to arv-git-httpd."