[full-ci] set demo users to default off #3474
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
|
💥 Acceptance test localApiTests-apiArchiver-ocis failed. Further test are cancelled... |
micbar
force-pushed
the
no-demo-users
branch
2 times, most recently
from
6ba339b to
c488afb
Compare
micbar
changed the title
micbar
added
Category:Change
micbar
requested review from
wkloucek,
phil-davis,
individual-it,
kulmann and
pascalwengerter
as code owners
|
Kudos, SonarCloud Quality Gate passed!
|
|
This is confusing and needs clearance before merging:
@EParzefall fyi |
We are in a two-step transition. The accounts service will be deleted in the next 2 weeks, but before we need this move
That will be the value after we remove the accounts service
This is not in the code, it is just in the demo deployments, another abstraction layer like
Remove them manually
creation, it means the accounts are persisted
Like stated in the docs, we always create the
@mmattel @EParzefall I admit, the whole ocis config is still very confusing. It will change another time before beta. We need to merge this change here to make it more secure. The switch to LibreIDM will happen in the next sprint. And it will create a bunch of new documentation and config options. |
|
@mmattel @EParzefall I am not sure if the whole demo users topic should be in the admin docs. For the admins, it is important that they know how to deploy a secure ocis in production. BTW this is the reason why we change the default behavior. You only get the demo users when you explicitly want them. This prevents insecure oCIS instances out there where demo users are present and the admin is not aware of them. |
|
The documentation of the demo users is definitely necessary for the admin docs, means creation, removal, warning ect. This has to be in because one will find the env and gives it a try. As it is in the docs, he then knows the impact and how to remove properly. I will use the new env and not the old one as you said it will get removed soon. Not worth doing double work - but I will hook myself into the referenced issue to get notified when it is merged. |
Q: as far I have understood and read in dev.docs, the "admin" user created is part of the demo users. I understand the IDP user which is not part of the demo users but where is that written. Did I missed something? If I got it right, to create a new admin user, you use |
|
@mmattel Please let us not bother with the old accounts CLI. We merge this and use this the next 2 weeks. Then switch to LibreIDM |
|
I do not know what is old and what is new and what the differences and impacts are... |
|
everything with the noun We never wanted to do user management in ocis. Creating the accounts service was a mistake in the past. In the future we will only rely on an external Identity Management. For the So what does that mean for you and the docs: IMO the admin docs should focus on how to connect an external IDP. We do not know yet, how much the LibreIDM scales. We suppose it will only be supported for very small use cases. So the mesage would be:
This PR is mainly about changing the CI and the Demo Deployments. It should be merged ASAP. |
|
everything with the noun We never wanted to do user management in ocis. Creating the accounts service was a mistake in the past. In the future we will only rely on an external Identity Management. For the So what does that mean for you and the docs: IMO the admin docs should focus on how to connect an external IDP. We do not know yet, how much the LibreIDM scales. We suppose it will only be supported for very small use cases. So the mesage would be:
This PR is mainly about changing the CI and the Demo Deployments. It should be merged ASAP. |
Description
Disable the creation of the demo users by default
Tasks
falseRelated Issue
Motivation and Context
How Has This Been Tested?
Types of changes
Checklist: