Skip to content

Commit

Permalink
Add section about mobu permissions
Browse files Browse the repository at this point in the history
Discuss the mobu permissions and configuration issues.
  • Loading branch information
rra committed Apr 30, 2024
1 parent 5562be2 commit bb4e9d6
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 2 deletions.
24 changes: 22 additions & 2 deletions index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -263,9 +263,29 @@ Mobu will play a role in performing self-checkout of these deployments; hence it
.. .. bibliography:: local.bib lsstbib/books.bib lsstbib/lsst.bib lsstbib/lsst-dm.bib lsstbib/refs.bib lsstbib/refs_ads.bib
.. :style: lsst_aa
Documentation:
--------------
Documentation
-------------

**Before:** Documentation is primarily in technotes; service deployment docs are in phalanx.lsst.io

**After:** Create mobu.lsst.io documentation for developer (user) documentation.

Permissions
-----------

**Before:** Creating new mobu flocks on the fly requires ``exec:admin`` permissions because it allows creating tokens for arbitrary bot users with arbitrary scopes.
This makes it hard for application developers to test new flocks or run ad hoc flocks (for load testing, for example).

**After:** Provide some mechanism for application developers to test their flocks without needing ``exec:admin`` permissions, and to pause flocks when performing maintenance on their applications.

**Discussion:**

Originally, the design of mobu assumed people would use the REST API to start and stop flocks.
We then added autostart to make the running mobu flocks configuration-driven, and now that's become the main way to use mobu.
Ad hoc flocks are, however, still supported, and may be useful for application owers to test.

Currently, application developers won't have any access to change the mobu configuration, since mobu is an infrastructure application.
This means they'll require help getting their flocks started, and iterating on a flock using the autostart configuration and restarting mobu (what SQuaRE normally does) is not available to them.

We need to rethink the interaction of the REST API and the Phalanx configuration for mobu, figure out where we want to put the relevant configuration, and probably figure out a better security model for manipulating running flocks.
This probably includes additional operations on flocks as well, such as pausing a flock so that it still shows up in the daily report but reports as paused.
5 changes: 5 additions & 0 deletions technote.toml
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,17 @@ series_id = "SQR"
canonical_url = "https://sqr-080.lsst.io/"
github_url = "https://github.com/lsst-sqre/sqr-080"
github_default_branch = "main"
date_created = 2023-12-27
date_updated = 2024-04-29
organization.name = "Vera C. Rubin Observatory"
organization.ror = "https://ror.org/048g3cy84"
license.id = "CC-BY-4.0"

[[technote.authors]]
name = {given = "Frossie", family = "Economou"}
internal_id = "economouf"
orcid = "https://orcid.org/0000-0002-8333-7615"

[[technote.authors.affiliations]]
name = "Rubin Observatory Project Office"
internal_id = "RubinObs"
Expand All @@ -19,6 +23,7 @@ address = "950 N. Cherry Ave., Tucson, AZ 85719, USA"
[[technote.authors]]
name = {given = "Russ", family = "Allbery"}
internal_id = "allberyr"

[[technote.authors.affiliations]]
name = "Rubin Observatory Project Office"
internal_id = "RubinObs"
Expand Down

0 comments on commit bb4e9d6

Please sign in to comment.