On Mon, 7 May 2012 12:26:00 +0200, Alexander Sack <[email protected]> wrote: > On Mon, May 7, 2012 at 12:19 PM, Loïc Minier <[email protected]> wrote: > > On Mon, May 07, 2012, Michael Hudson wrote: > >> 2) Another way is to create a user that does not correspond to a user on > >> LP (gfx-daily-job-submitter or somethign) and add it to the linaro > >> group on v.l.o. This feels a bit better, but it's not very 'self > >> service' -- the only way to create such a user is via the admin panel > >> afaik. > > > > This seems fine to me; creating a machine-to-machine account/setup > > seems like a one-off action which doesn't need to involve LP. > > We could share a single set of LAVA credentials for all jobs coming > > from ci.linaro.org. > > > > If this isn't automated enough, we could have a way to create new LAVA > > credentials for anyone in a specific Launchpad team? > > > Yes, machine to machine is the way to go... > > But, I don't think we need specific users like gfx-... we just need > _one_ user shared by all @linaro.org protected jobs. This should be > configured on the backend side for all @linaro.org transparently so > the user (alf) does not need to bother about it... > > That should be simple to setup and shouldn't require lot's of > maintenance nor any further sophistication.
I think that makes sense. The necessity of the infrastructure team sharing the password of this user still doesn't seem like a great thing, but maybe that's OK for now. (In the medium term, maybe we should be able to associate tokens with groups, and any member of the group can manage tokens associated with the group?) Cheers, mwh _______________________________________________ linaro-validation mailing list [email protected] http://lists.linaro.org/mailman/listinfo/linaro-validation
