Offboarding Kenn Maguire
This issue is used to track the progress of offboarding team members from POPs. This process includes removing access, and rotating creds.
Access Removal
-
Remove user's admin access in gitlab Task actions
- Convert to task
- Delete
-
Remove user from hardening_manifest.yaml
andrenovate.json
files in this groupTask actions
- Convert to task
- Delete
-
Remove user's membership from:
-
Task actions
- Convert to task
- Delete
-
ironbank-access/pops-leadership Task actions
- Convert to task
- Delete
-
-
Remove user from ironbank.yaml
in this projectTask actions
- Convert to task
- Delete
-
Double check user's membership in the Gitlab admin portal - Should be located at https://repo1.dso.mil/admin/users//projects
Task actions
- Convert to task
- Delete
-
Double check whether user is directly listed in merge/push permissions on master/development for the master project template Task actions
- Convert to task
- Delete
-
Remove the user's pubkey from this project Task actions
- Convert to task
- Delete
-
If you are a harbor admin and you have keycloak access
-
Find the role associated with Harbor admin in registry1.dso.mil Task actions
-
Convert to task
-
Delete
-
Look at Administration->Configuration->OIDC Admin Group Task actions
- Convert to task
- Delete
-
In Keycloak, remove the user from that group Task actions
- Convert to task
- Delete
-
-
Key Rotation
-
AWS Keys Task actions
-
Convert to task
-
Delete
-
Prod + Staging Task actions
-
Convert to task
-
Delete
-
S3_ACCESS_KEY Task actions
- Convert to task
- Delete
-
S3_SECRET_KEY Task actions
- Convert to task
- Delete
-
COSIGN_AWS_ACCESS_KEY_ID Task actions
- Convert to task
- Delete
-
COSIGN_AWS_SECRET_ACCESS_KEY Task actions
- Convert to task
- Delete
-
Harbor S3 AWS access and secret keys Task actions
- Convert to task
- Delete
-
Gitlab S3 AWS access and secret keys Task actions
- Convert to task
- Delete
-
-
RDS password/username for harbor, gitlab, anchore, VAT (multiple users), IBFE (multiple users) Task actions
- Convert to task
- Delete
-
-
Harbor push auth Task actions
-
Convert to task
-
Delete
-
ironbank-staging (i.e. DOCKER_AUTH_CONFIG_FILE_PRE_PUBLISH) Task actions
- Convert to task
- Delete
-
ironbank (i.e. DOCKER_AUTH_CONFIG_FILE_PUBLISH) Task actions
- Convert to task
- Delete
-
-
Gitlab bot tokens Task actions
- Convert to task
- Delete
- project access tokens:
-
CHT-ironbank-bot: project: https://repo1.dso.mil/cht-automation/bots/ironbank-bot ci_var: GITLAB_TOKEN Task actions
- Convert to task
- Delete
-
CHT-Robotnik: project: https://repo1.dso.mil/cht-automation/bots/ironbank-bot ci_var: IRONBANK_TOOLS_TOKEN Task actions
- Convert to task
- Delete
-
CHT-Triage: project: https://repo1.dso.mil/cht-automation/bots/triage ci_var: GITLAB_TOKEN Task actions
- Convert to task
- Delete
-
POPs-ci-var-checker: update this in the ironbank-bootstrap ci var script Task actions
- Convert to task
- Delete
-
POPs-project-metadata: project: https://repo1.dso.mil/ironbank-tools/project-metadata ci_var: IRONBANK_TOOLS_TOKEN Task actions
- Convert to task
- Delete
-
POPs-project-permissions: project: https://repo1.dso.mil/ironbank-tools/project-permissions ci_var: IRONBANK_TOOLS_TOKEN Task actions
- Convert to task
- Delete
-
POPs-project-template: project: https://repo1.dso.mil/ironbank-tools/project-template ci_var: IRONBANK_TOOLS_TOKEN Task actions
- Convert to task
- Delete
-
POPs-renovate-tools project: https://repo1.dso.mil/ironbank-tools/renovate-tools ci_var: IRONBANK_TOOLS_TOKEN Task actions
- Convert to task
- Delete
-
VAT-user-list: provide vat with this token Task actions
- Convert to task
- Delete
-
- User access tokens
-
POPs Trigger user: POPs-trigger project: https://repo1.dso.mil/ironbank-tools/renovate-tools ci_var: IRONBANK_TOOLS_TOKEN
-