Support access to data on the legacy stack

[alanbchristie]

From Warren: -

We are getting this request from several folk. I suspect the increase in requests for access to the legacy stack is strongly correlated to the ASAP grant reporting currently on the go. Can you please investigate/put at the top of your list.

The concern is where does this end? If it's simply accessing legacy data then we probably just need to...

1. Port the changes to the security modules that permit the new access mechanism (i.e. key-based SSH Tunnel and "service account"). This will be delicate work, as the code in the V2 stack has undergone numerous structural changes.
2. This will also require branching and patching the AWX/Ansible playbooks in order to deploy the tunnel SSH private key (via a k8s ConfigMap) to the stack.

---

The V2 stack introduced a number of variables in this area, which can have sensible defaults for the V1 stack: -

• SECURITY_CONNECTOR_CACHE_MINUTES
• PUBLIC_TAS_LIST
• SSH_PRIVATE_KEY_FILENAME

[phraenquex]

Needs someone to test it.

[mwinokan]

@alanbchristie says this work is done, but it is not deployed and needs testing

[mwinokan]

@alanbchristie has not verified this for the one private target (Lizbe's).

@phraenquex says we no longer need to support private legacy targets (especially if there's only one target).

[phraenquex]

@alanbchristie to clean up Frank's credentials from the legacy code. Then move to production.

[alanbchristie]

For the record ... in order to disable ISPyB connections in the legacy stack we simply have to remove any definition of the Pod environment variable ISPYB_HOST. If not defined the get_remote_conn() function will not create a connection (nor try to communicate with ISPyB (MySQL).

Importantly SECURITY_CONNECTOR must be defined as ssh_ispyb to force remote connections (which will not be made).