Dear all,
Over the last couple of weeks Xavier and I managed to catch up a couple of time
to discuss the current status of FAS3.
I would like to summarize a little the output of these discussions.
We can basically, consider 3 types of tasks left.
* Development:
Admin panel
Xavier is working on providing an Admin panel to FAS3. This would provide a
central place for admin tasks such as blocking an user, deleting an account
and so on
-> Due by next week
Group membership model
Xavier is thinking to rework the membership model for FAS groups. There is
currently three levels: user, sponsors and admins while there are groups where
sponsors might not be needed or where another level could be useful.
-> Optional for 3.0, NOTABLOCKER
Unit-tests
FAS3 has currently little tests and needs much more
-> Would be good to have for 3.0 but NOTABLOCKER (at least for a staging
instance)
2FA
2 Factor Authentication is probably the biggest point remaining to develop.
In FAS2, yubikey is integrated into FAS, while gauth isn't. For FAS3 we
probably want to integrate both so that users have a place to set and reset
their tokens.
On the otherside, keeping the yubikey and the gauth servers out of FAS3 also
make sense. So we may want to find a way for both to share some information
where FAS3 would have read/write permissions while the yubikey/gauth servers
would have only read.
* Migration
The idea here is two provide two scripts, a python script that will check the
FAS2 DB and report problematic data (for example multiple users having the same
IRC nick).
Then a SQL script to be used once to convert the FAS2 DB into a FAS3 DB or
migrate from the FAS2 DB to a different FAS3 DB (we'll see what is the easiest
or makes the most sense).
* Integration
There are still quite a few integrations to do.
- Packaging
Xavier checked and said that all dependencies are present in RHEL, EPEL or
Fedora already. We'll need to double-check and request the epel7 branch
where needed.
- Ipsilon
This should likely be the first one to work on, in order to allow login on our
apps in staging.
- fedora-python
Here the client needs to be ported from FAS2 to FAS3. The API has entirely
changed and is not backward compatible but we *may* be able to make the API
of the client backward compatible.
Xavier already started working on this in the FAS3 branch
- All our apps using FAS
The idea is to deploy FAS3 in staging so that we can test/fix all our apps
using FAS one by one and take our time to do this.
As you can see, most of the development will be done by next week, except for
the 2FA aspect which we need to figure out.
I have volunteered to work on the migration scripts.
Xavier and Patrick will need to coordinate for the Ipsilon integration.
Then, we should be ready to push a FAS3 instance to staging.
The idea is that we have FAS3 running in staging by Christmas.
How does this sound? Anyone willing to step in?
Thanks for your attention,
Pierre & Xavier