#664 Hook OpenShift project access for SIGs to ACO
Closed: Fixed by arrfab. Opened by dcavalca.

Right now SIG members need to individually request access to the relevant project in OpenShift to be able to work on the CentOS CI environment. It'd be great to have this hooked up to ACO instead, so that membership in e.g. sig-hyperscale would automatically grant access to the correct project.


@dcavalca, it's a good request that some SIGs made in the past (see #97), but the problem is that OpenShift by default doesn't accept that through OAuth, only through LDAP (and we don't have access to that by default).
So the idea (a proposal from back in the day) is to write a custom Python bridge script (like we already use for koji/cbs) that:

  • fetches group membership from fasjson.fedoraproject.org
  • identifies OpenShift groups matching a pattern (can be coming from Ansible)
  • adds/removes members based on what's returned from fasjson (as we do for cbs)

But it's therefore a feature request, and not a simple config change, and should be discussed in backlog refinement, based on priority given to existing tasks with higher priority.

Metadata Update from @arrfab:
- Issue tagged with: authentication, centos-ci-infra, dev, feature-request
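
The reconciliation step of the bridge described in the comment above, as an added example (not the CentOS infra team's script). Group data is passed in as plain dicts instead of being fetched from fasjson or OpenShift; the function name, the `sig-*` pattern and the removal threshold are assumptions.

```python
import fnmatch

def plan_group_sync(source, cluster, pattern="sig-*", max_removal_ratio=0.5):
    """Compute membership changes for OpenShift groups matching `pattern`.

    source:  {group: set of users, or None if the upstream lookup failed}
    cluster: {group: set of users currently in the OpenShift group}
    Returns (plan, held): plan maps group -> {"add": [...], "remove": [...]};
    held maps group -> removals withheld for operator review.
    """
    plan, held = {}, {}
    for group in sorted(cluster):
        if not fnmatch.fnmatchcase(group, pattern):
            continue  # unmanaged group (e.g. cluster admins): never touched
        wanted = source.get(group)
        if wanted is None:
            continue  # failed or missing lookup is not "no members": skip
        current = cluster[group]
        add = sorted(wanted - current)
        remove = sorted(current - wanted)
        # Guard (assumption of this example): a sync that would drop most of
        # a group looks like a truncated upstream answer, so hold removals.
        if current and len(remove) / len(current) > max_removal_ratio:
            held[group] = remove
            remove = []
        if add or remove:
            plan[group] = {"add": add, "remove": remove}
    return plan, held

# Constructed sample data, not real CentOS accounts or groups.
SOURCE = {
    "sig-hyperscale": {"alice", "bob", "carol"},
    "sig-cloud": set(),   # upstream answered with an empty member list
    "sig-core": None,     # upstream lookup failed
}
CLUSTER = {
    "sig-hyperscale": {"alice", "dave"},
    "sig-cloud": {"erin", "frank"},
    "sig-core": {"gina"},
    "cluster-admins": {"root"},
}

if __name__ == "__main__":
    plan, held = plan_group_sync(SOURCE, CLUSTER)
    print("apply:", plan)
    print("held for review:", held)
```

Held removals leave existing access in place until someone reviews them, so a real run should raise an alert for every entry in `held`.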

[backlog refinement]
This is still a feature we want, but it's not currently a priority.

[backlog refinement]
The ARC team is currently investigating a new feature in OpenShift 4.10 that would permit the group sync through OpenID Connect.

[backlog refinement]
This is being worked on as an OpenShift operator, which will be deployed in the AWS OpenShift cluster when available.

Already tested in #820 and working fine.
It will be rolled out for prod in #969, so closing this ticket for now as the feature is now implemented; it just needs to be deployed, but that will be done on the new cluster that CI tenants will have to migrate to (soon).

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
