Offboarding Sam
This issue is used to track the progress of offboarding team members from POPs. This process includes removing access and rotating creds.
Offboarding Pipeline
- Run a Pipeline in the offboarding automation repo
  - Run pipeline with a CI var named OFFBOARDED_USERNAMES that is the username(s) of user(s) to offboard
    - If multiple usernames, separate usernames with a comma
- Once the pipeline has started, click on the following jobs to start them
  - update-assignee - This will create MRs that need to be approved to offboard user
  - variable-rotation
  - harbor-cred-management
Access Removal
- Remove user's admin access in GitLab
- Remove user's membership from:
- Double check user's membership in the GitLab admin portal
  - Should be located at https://repo1.dso.mil/admin/users//projects
- Double check whether user is directly listed in merge/push permissions on master/development for the master project template
- Remove the user's pubkey from this project
- If you are a Harbor admin and you have Keycloak access
  - Find the role associated with Harbor admin in registry1.dso.mil
    - Look at Administration->Configuration->OIDC Admin Group
  - In Keycloak, remove the user from that group
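The two GitLab double checks in this section (remaining memberships, and direct merge/push permissions on master/development) can be scripted against saved API responses. This is an added example, not part of the original issue or the offboarding automation repo; it assumes JSON shaped like GitLab's `GET /users/:id/memberships` and `GET /projects/:id/protected_branches` responses, and the sample data and user id 42 are constructed.

```python
import json

# Protected branches named on the checklist for the master project template.
CHECKED_BRANCHES = {"master", "development"}

def remaining_memberships(memberships):
    """Summarise entries from GET /users/:id/memberships (admin-only endpoint)."""
    return [f'{m["source_type"]}:{m["source_name"]} (level {m["access_level"]})'
            for m in memberships]

def direct_branch_grants(protected_branches, user_id):
    """Find push/merge rules that name the user directly rather than a role."""
    hits = []
    for branch in protected_branches:
        if branch["name"] not in CHECKED_BRANCHES:
            continue
        for kind in ("push_access_levels", "merge_access_levels"):
            for rule in branch.get(kind, []):
                if rule.get("user_id") == user_id:
                    hits.append((branch["name"], kind.split("_")[0]))
    return hits

def audit(user_id, memberships, protected_branches):
    """Return a list of findings; an empty list means both double checks pass."""
    findings = [f"still a member of {m}" for m in remaining_memberships(memberships)]
    findings += [f"direct {kind} permission on {name}"
                 for name, kind in direct_branch_grants(protected_branches, user_id)]
    return findings

# Constructed sample responses (not real data); user id 42 is hypothetical.
SAMPLE_MEMBERSHIPS = json.loads("""[
  {"source_id": 7, "source_name": "example-group",
   "source_type": "Namespace", "access_level": 40}
]""")
SAMPLE_BRANCHES = json.loads("""[
  {"name": "master",
   "push_access_levels": [{"access_level": 40, "user_id": null, "group_id": null}],
   "merge_access_levels": [{"access_level": null, "user_id": 42, "group_id": null}]},
  {"name": "development",
   "push_access_levels": [{"access_level": null, "user_id": 42, "group_id": null}],
   "merge_access_levels": []},
  {"name": "feature-x", "push_access_levels": [{"user_id": 42}], "merge_access_levels": []}
]""")

if __name__ == "__main__":
    for finding in audit(42, SAMPLE_MEMBERSHIPS, SAMPLE_BRANCHES):
        print("FINDING:", finding)
```

An empty result from `audit` means no membership or direct branch rule still names the user; role-based rules (where `user_id` is null) are intentionally not reported.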
Key Rotation
- AWS Keys
  - Prod + Staging
    - S3_ACCESS_KEY
    - S3_SECRET_KEY
    - COSIGN_AWS_ACCESS_KEY_ID
    - COSIGN_AWS_SECRET_ACCESS_KEY
- GitLab bot tokens
  - User access tokens:
    - POPs Trigger
      - user: POPs-trigger
      - project: https://repo1.dso.mil/ironbank-tools/renovate-tools
      - ci_var: IRONBANK_TOOLS_TOKEN
Edited by Michael Johnson