launchpad-dev team mailing list archive

Re: Launchpad persona in Launchpad

On Tue, May 24, 2011 at 2:09 AM, Jeroen Vermeulen <jtv@xxxxxxxxxxxxx> wrote:
> Hi,
>
> This is something I run into from time to time: some component of Launchpad
> needs to do things in Launchpad that previously only humans and teams could
> do.  The component needs to be an owner of something, or enter a comment in
> a conversation, or commit to a bzr branch etc.
>
> What we've done so far is create accounts for these components more or less
> ad hoc.  Sometimes this is helpful because the persona will be specific to
> the component it represents — e.g. launchpad-pqm — but mainly it's a pain.
>
> Should we have a single celebrity user identity for "Launchpad itself" that
> we can reach for in these situations?

No.

We have a similar situation in DB connections where we make new users
for each service and so on - and it's extremely useful. The security
side is sometimes a wash, particularly where many things run from the
same box, but the reporting is definitely a major win.

I think that we have two categories of actors:
 - internal actors
 - actors of clients of launchpad

For the former we *might* want a single service account. *might*. I've
yet to see a convincing argument for its utility. What we usually want
IME is impersonation: The ability for a service to act 'on behalf of
user Fred' when journalling actions etc. For instance software centre
agent wants the ability to subscribe PPA consumers to private PPAs,
and it would be neat if the audit log for that said 'SCA on behalf of
Fred (PPA owner that got paid) subscribed Bart to PPA Fred/product'.


For the latter, we *definitely* want separate service accounts. What
we need is the ability to have such an account (sketching):
 - be tightly associated with either a person/team (so it's owned) or project
 - not have an email address (we never need to contact it and sending
it mail is a waste)
 - be able to be granted access analogously to other Persons
 - probably don't want impersonation, or want tight rules over who it
can impersonate.

Now, if a user of Launchpad (like Canonical) were to choose to have a
single service account and reuse it for all their stuff - that's fine
and outside our worry-sphere ;)

-Rob
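
The account shape sketched in the message above, as an added example that is not part of the original email and is not Launchpad code: one account per service, an owner, no email address, and an explicit allow-list for impersonation that is checked before the audit entry is written. The class names, the `demo` function and the owner names are hypothetical.

```python
# Constructed sketch: per-service accounts with restricted impersonation.
from dataclasses import dataclass, field

class ImpersonationDenied(Exception):
    """The service tried to act for a person outside its allow-list."""

@dataclass(frozen=True)
class ServiceAccount:
    name: str                                 # one account per service
    owner: str                                # owning person, team or project
    may_impersonate: frozenset = frozenset()  # empty: no impersonation
    # Deliberately no email field: the account is never contacted.

@dataclass
class AuditLog:
    entries: list = field(default_factory=list)  # (account name, text)

    def record(self, actor, action, on_behalf_of=None):
        """Journal an action, checking impersonation before writing."""
        if on_behalf_of is not None and on_behalf_of not in actor.may_impersonate:
            # Journal the refusal as well, so misuse shows up in reporting.
            self.entries.append(
                (actor.name, f"DENIED on behalf of {on_behalf_of}: {action}"))
            raise ImpersonationDenied(f"{actor.name} -> {on_behalf_of}")
        who = actor.name
        if on_behalf_of is not None:
            who += f" on behalf of {on_behalf_of}"
        text = f"{who} {action}"
        self.entries.append((actor.name, text))
        return text

    def by_service(self, name):
        """Per-service reporting: every entry attributed to one account."""
        return [text for account, text in self.entries if account == name]

def demo():
    log = AuditLog()
    sca = ServiceAccount("SCA", owner="sca-owners",  # hypothetical owner
                         may_impersonate=frozenset({"Fred"}))
    pqm = ServiceAccount("launchpad-pqm", owner="launchpad-owners")
    log.record(sca, "subscribed Bart to PPA Fred/product", on_behalf_of="Fred")
    log.record(pqm, "committed to a bzr branch")
    try:  # pqm has an empty allow-list, so this is refused and journalled
        log.record(pqm, "subscribed Bart to PPA Fred/product", on_behalf_of="Fred")
    except ImpersonationDenied:
        pass
    return log

if __name__ == "__main__":
    print("\n".join(text for _, text in demo().entries))
```
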

