zrhoffman commented on a change in pull request #5685:
URL: https://github.com/apache/trafficcontrol/pull/5685#discussion_r611702111
##########
File path: infrastructure/ansible/roles/dataset_loader/defaults/main.yml
##########
@@ -108,6 +108,11 @@ dl_ds_default_users:
email: [email protected]
fullName: A local account with RO rights
role: read-only
+ - username: '{{ federation_user }}'
+ password: '{{ to_admin_user_password }}'
+ email: '{{ federation_user }@kabletown.invalid'
+ fullName: A local account with admin rights
+ role: admin
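Review bot: The added `email` line closes its Jinja2 expression with a single brace, `'{{ federation_user }@kabletown.invalid'`, so the expression is left unterminated and the value will not template to the intended address; it should read `'{{ federation_user }}@kabletown.invalid'`. On the `password` line, the new account takes `'{{ to_admin_user_password }}'`, which means a second `role: admin` user is provisioned from the same password variable; a dedicated variable for this user would let the two credentials be set and rotated independently. The `fullName` value describes the account only as a local admin account, so a description that names its Federation purpose would make it easier to tell apart when auditing users.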
Review comment:
While Admin-level permissions are not required for Users assigned to a
Federation, that's not really a meaningful statement, because there is also no
requirement that a User is even assigned to a Federation in order for Traffic
Router to be able to use that Federation.
Admin-level permissions *are* required to POST to any Federations endpoint:
* `POST federation_resolvers`
* `POST federations`
* `POST federations/{{ID}}/deliveryservices`
* `POST federations/{{ID}}/federation_resolvers`
* `POST federations/{{ID}}/users`
So, creating a dedicated Federation User seems pointless if that User does
not also have Admin-level permissions (any Admin-level user can assign Users,
DSes, or Federation Resolvers to that Federation).