  1. Data Management
  2. DM-20122

Investigate client auth patterns for LSST the Docs

    Details

    • Templates:
    • Story Points:
      1.4
    • Team:
      SQuaRE

      Description

      This is an investigation, design, and planning ticket for the larger DM-18720 epic.

      The basic problem is that clients for LSST the Docs generally shouldn't have S3 credentials. The credentials are extra things for clients to track, and they can potentially give clients more access to S3 than they need. We want to move to a model in which LTD Keeper is the only application with credentials to LTD's S3 bucket. The question, then, is how LTD Keeper should provide access for clients to upload new builds into the S3 bucket. The main options are:

      1. LTD Keeper creates a temporary S3 credential for the client, and then ensures that the credential is deleted/rotated.
      2. LTD Keeper generates presigned URLs that the client can upload to.
      3. The client uploads files to LTD Keeper, and LTD Keeper forwards those objects to S3.


              People

              • Assignee:
                jsick Jonathan Sick
                Reporter:
                jsick Jonathan Sick
                Watchers:
                Jonathan Sick