As a curator
I want the tools on bastion to allow me to perform files operations on Wasabi with rclone
So that I can manage the dataset files on Wasabi
Acceptance criteria
Given a new user needs a system account on bastion
When we run the provisioning script for creating new user with username parameter "lily"
Then a bastion user account is created for "lily"
And SSH public keys are added to the authorised keys
And an AWS credential file is created in the bastion user's home directory with placeholder values
Given an existing user has an account on bastion
And there is no AWS credential file for the Wasabi sub-user in the bastion user's home directory
When we run the provisioning script for creating new user with username parameter "lily"
And an AWS credential file is created in the bastion user's home directory with placeholder values
Given an existing user has an account on bastion
And there is AWS credential file for the Wasabi sub-user in the bastion user's home directory
When we run the provisioning script for creating new user with username parameter "lily"
Then nothing change
Additional Info
Default location for the AWS credential files: ~/.aws/credentials
[x] Parse new wasabi user credentials CSV and debug-output in bastion-users Ansible role from a creds_csv_path variable passed to execution of users_playbook.yml
[x] Create AWS credentials file with Wasabi credentials filled in in the [default] profile from a j2 template
User story
Acceptance criteria
Additional Info
Default location for the AWS credential files:
~/.aws/credentials
Use:* https://docs.aws.amazon.com/cli/latest/reference/iam/create-role.html* https://docs.aws.amazon.com/cli/latest/reference/iam/create-access-key.htmlNice to have:* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html#Using_ManagingPasswordsAPI* https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_cliwpsapiAWS Credentials template (as
ops/configuration/aws/credentials.j2
)We assume that API keys created manually for now using the Wasabi dashboard. The API keys will need to be save in the Gitlab Variables.
or parse the API keys CSV directly from the play (use https://docs.ansible.com/ansible/latest/collections/community/general/read_csv_module.html)
Product Backlog Item Ready Checklist
Product Backlog Item Done Checklist