Skip to content

clean up "test-privileged", "test-unprivileged" users #1087

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
May 19, 2022
Merged

clean up "test-privileged", "test-unprivileged" users #1087

merged 6 commits into from
May 19, 2022

Conversation

davepacheco
Copy link
Collaborator

@davepacheco davepacheco commented May 19, 2022
edited
Loading

This change cleans up a few things related to the built-in users:

  • The test users ("test-privileged" and "test-unprivileged") are now Silo Users rather than built-in users. (This enables the rest of the cleanup below.)
  • We no longer create a Silo User for any built-in users. (We used to create a Silo User for each built-in user).
  • Built-in users no longer have a Silo associated with them. (Recall that built-in users are identities used by Nexus to limit its own privileges. They're not principals in the usual sense and they're not supposed to be associated with any Silo in particular.)
  • It's no longer possible to authenticate to the external API as a built-in user. IAM: support assigning roles on the Fleet #1051 recently extended "spoof" to treat users as Silo Users by default, but allow specifying a built-in user. Now you can't specify a built-in user.

There are a few more things that would be nice to do but we can't do quite yet:

  • In principle, it'd be nice if we didn't create the test users (test-privileged and test-unprivileged) in Nexus, but rather in the test suite. However, test-privileged is the only identity that's ever really capable of doing anything -- including creating other users. So we need it to be created by Nexus during startup -- the test suite has no creds it could use to do this itself. The eventual answer here is the bootstrapping of the initial Silo and IdP integration discussed in RFD 234. (The test users are also used by the console spoof login, but that's not really a blocker for this. It's really just the lack of a real bootstrapping process.)
  • The default Silo is used for a lot less now. It'd be nice to remove it, but we can't for the same reason -- we need a real bootstrapping process to get things started.

@davepacheco davepacheco mentioned this pull request May 19, 2022
Closed
69 tasks
@davepacheco davepacheco requested review from plotnick and jmpesp May 19, 2022 03:44
@davepacheco davepacheco marked this pull request as ready for review May 19, 2022 03:44
@davepacheco davepacheco mentioned this pull request May 19, 2022
Merged
plotnick
plotnick approved these changes May 19, 2022
View reviewed changes
Copy link
Contributor

@plotnick plotnick left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like an unambiguous improvement. Built-in users being in a Silo was confusing, and the test users not being in a Silo was also confusing. Patches that reduce confusion are the best kind of patches!

@davepacheco davepacheco merged commit 81c041d into main May 19, 2022
@davepacheco davepacheco deleted the remove-unprivileged branch May 19, 2022 20:05
@davepacheco
Copy link
Collaborator Author

Thanks for the reviews!

leftwo pushed a commit that referenced this pull request Jan 28, 2024
Update crucible and propolis versions
301f95e 
Crucible changes
Remove a superfluous copy during write serialization (#1087)
Update to progenitor v0.5.0, pull in required Omicron updates (#1115)
Update usdt to v0.5.0 (#1116)
Do not panic on reinitialize of a downstairs client. (#1114)
Bump (tracing-)opentelemetry(-jaeger) (#1113)
Make the Guest -> Upstairs queue fully async (#1086)
Switch to per-block ownership (#1107)
Handle timeout in the client IO task (#1109)
Enforce buffer alignment (#1106)
Block size buffers (#1105)
New dtrace probes and a counter struct in the Upstairs. (#1104)
Implement read decryption offloading (#1089)
Remove Arc + Mutex from Buffer (#1094)
Comment cleanup and rename of DsState::Repair -> Reconcile (#1102)
do not panic the dynamometer for OOB writes (#1101)
Allow dsc to start the downstairs in read-only mode. (#1098)
Use the omicron-zone-package methods for topo sorting (#1099)
Package with topological sorting (#1097)
Fix clippy lints in dsc (#1095)

Propolis changes:
PHD: demote artifact store logs to DEBUG, enable DEBUG on CI (#626)
PHD: fix missing newlines in serial.log (#622)
PHD: fix run_shell_command with multiline commands (#621)
PHD: fix `--artifact-directory` not doing anything (#618)
Update h2 dependency
Update Crucible (and Omicron) dependencies
PHD: refactor guest serial console handling (#615)
phd: add basic "migration-from-base" tests + machinery (#609)
phd: Ensure min disk size fits read-only parents (#611)
phd: automatically fetch `crucible-downstairs` from Buildomat (#604)
Mitigate behavior from illumos#16183
PHD: add guest adapter for WS2022 (#607)
phd: include error cause chain in failure output (#606)
add QEMU pvpanic ISA device (#596)
Add crucible-mem backend
Make crucible opt parsing more terse in standalone
@leftwo leftwo mentioned this pull request Jan 28, 2024
Merged
leftwo added a commit that referenced this pull request Jan 29, 2024
@leftwo
Update crucible and propolis versions (#4912)
45df2e6 
Crucible changes
Remove a superfluous copy during write serialization (#1087) Update to
progenitor v0.5.0, pull in required Omicron updates (#1115) Update usdt
to v0.5.0 (#1116)
Do not panic on reinitialize of a downstairs client. (#1114) Bump
(tracing-)opentelemetry(-jaeger) (#1113)
Make the Guest -> Upstairs queue fully async (#1086) Switch to per-block
ownership (#1107)
Handle timeout in the client IO task (#1109)
Enforce buffer alignment (#1106)
Block size buffers (#1105)
New dtrace probes and a counter struct in the Upstairs. (#1104)
Implement read decryption offloading (#1089)
Remove Arc + Mutex from Buffer (#1094)
Comment cleanup and rename of DsState::Repair -> Reconcile (#1102) do
not panic the dynamometer for OOB writes (#1101) Allow dsc to start the
downstairs in read-only mode. (#1098) Use the omicron-zone-package
methods for topo sorting (#1099) Package with topological sorting
(#1097)
Fix clippy lints in dsc (#1095)

Propolis changes:
PHD: demote artifact store logs to DEBUG, enable DEBUG on CI (#626) 
PHD: fix missing newlines in serial.log (#622)
PHD: fix run_shell_command with multiline commands (#621) 
PHD: fix `--artifact-directory` not doing anything (#618) Update h2
dependency
Update Crucible (and Omicron) dependencies
PHD: refactor guest serial console handling (#615) 
phd: add basic "migration-from-base" tests + machinery (#609) 
phd: Ensure min disk size fits read-only parents (#611) 
phd: automatically fetch `crucible-downstairs` from Buildomat (#604)
Mitigate behavior from illumos#16183
PHD: add guest adapter for WS2022 (#607)
phd: include error cause chain in failure output (#606) add QEMU pvpanic
ISA device (#596)
Add crucible-mem backend
Make crucible opt parsing more terse in standalone

Co-authored-by: Alan Hanson <alan@oxide.computer>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@plotnick plotnick plotnick approved these changes

@jmpesp jmpesp jmpesp approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@davepacheco @plotnick @jmpesp