destination-earth / DestinE_ESA_GFTS

Global Fish Tracking Service - DestinE DESP Use Case
https://destination-earth.github.io/DestinE_ESA_GFTS/
Apache License 2.0

add new username to GFTS #59

Closed annefou closed 2 months ago

minrk commented 2 months ago

Unfortunately, adding a user with s3 access is a multi-step process:

  1. add the user (lowercase) to s3_users and any other user lists in main.tf, and to the jupyterhub user list
  2. run tofu apply to apply the s3 permissions
  3. update secrets/config.yaml with the output of tofu output -json s3_credentials_json

Steps 2 and 3 are what actually grant the jupyterhub user s3 access.

If we want default credentials, so any user who can access the hub has certain access to s3, I can set that up so just adding the username to jupyterhub is enough.
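The gap between step 1 and steps 2/3 is the failure mode this thread is about: a username lands in the hub list but never gets S3 credentials, or a stale credential outlives the user. The following is an added example (not code from the GFTS repository) that audits the two lists against each other; the hub user list and the shape of the `tofu output -json s3_credentials_json` value (a map of username to key pair) are assumptions, and the sample data is constructed.

```python
import json

# Constructed sample of the JupyterHub allowed-user list (assumed shape,
# not the project's real config). "MinRK" is mixed case on purpose: the
# thread says usernames must be added in lowercase.
HUB_USERS = ["annefou", "MinRK", "newuser"]

# Constructed sample standing in for `tofu output -json s3_credentials_json`.
# The real output shape is an assumption; here it maps username -> key pair.
TOFU_S3_CREDENTIALS = json.dumps({
    "annefou": {"access_key": "EXAMPLE-KEY-1", "secret_key": "example-secret-1"},
    "minrk":   {"access_key": "EXAMPLE-KEY-2", "secret_key": "example-secret-2"},
    "olduser": {"access_key": "EXAMPLE-KEY-3", "secret_key": "example-secret-3"},
})


def audit_s3_access(hub_users, tofu_json):
    """Compare the hub user list with the credentials tofu produced.

    Returns a dict with three sorted lists:
      missing   - hub users with no S3 credentials (steps 2/3 not run for them)
      not_lower - hub usernames that are not lowercase and so will not match
                  the lowercase s3_users entry in main.tf
      stale     - credentials for names no longer in the hub user list
                  (should be removed from main.tf and secrets/config.yaml)
    """
    creds = json.loads(tofu_json)
    hub_lower = {u.lower() for u in hub_users}
    return {
        "missing": sorted(hub_lower - set(creds)),
        "not_lower": sorted(u for u in hub_users if u != u.lower()),
        "stale": sorted(set(creds) - hub_lower),
    }


if __name__ == "__main__":
    report = audit_s3_access(HUB_USERS, TOFU_S3_CREDENTIALS)
    for kind, names in report.items():
        print(f"{kind:>9}: {', '.join(names) or '-'}")
```

Run it after `tofu apply` and before editing `secrets/config.yaml`; an empty `missing` and `stale` list means the hub list and the granted S3 access agree.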

annefou commented 2 months ago

Ok, thank you! I suspected there were a few more steps, which is why I asked you to review the PR! I will add some documentation so we at least know the process (even if we can't necessarily perform all the steps).

Quick question: where do you run tofu apply and tofu output -json s3_credentials_json? Who is authorized to run these commands?

Regarding the default credentials, can we grant access (readonly) to the S3 buckets gfts-reference-data and destine-gfts-data-lake to any user who can access the hub? I don't think we want to give access to IFREMER data (or other groups' data in the future) to everyone.

minrk commented 2 months ago

Quick question: where do you run tofu apply and tofu output -json s3_credentials_json? Who is authorized to run these commands?

Currently, I may be the only one. I should give you the git-crypt key to decrypt the secrets.

Regarding the default credentials, can we grant access (readonly) to the S3 buckets gfts-reference-data and destine-gfts-data-lake to any user who can access the hub?

Yes, we can have readonly data to those by default. I'll look into that.