Re: I'm enabling topic authorization on the production bus

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



So, something broke, I forgot that the bodhi user also publishes to the org.fedoraproject.{env}.pungi.
I fixed that now but there were quite a few messages rejected during my night. It may be necessary to restart the compose.

Aurélien

Le lun. 10 juil. 2023 à 17:43, Aurelien Bompard <abompard@xxxxxxxxxxxxxxxxx> a écrit :
Done. The following users are not protected by ACLs (which means they can send to any topics):
- notifs-web and notifs-backend, because we'll remove the old FMN soonish
- alt-src: I couldn't contact the owner (Siteshwar?). Related to CentOS Stream. I tried to contact Brian Stinston.
- coreos: Same, couldn't contact the owner of this account.
- fedora-build-checks: Same story, I contacted Tim who redirected me to msrb, but got no response.

All the other accounts are only allowed to send to the topics they have defined in Ansible.
This opens the door to letting external services publish to our message bus, since we can make sure they can only publish to their namespace.
Please tell me if you see anything erroring out when you publish messages, I'll look at the logs which, helpfully, tell us when publishing to a topic is refused.
Thanks!

Aurélien
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux