NET-WP-0019: update workplan with implementation notes and task statuses after core polish (T01-T04 done).

2026-06-03 02:23:05 +02:00
parent 23af9b0a84
commit f56bca5b5d


@@ -47,7 +47,7 @@ Prefer extending existing patterns (the security-bootstrap-console.py templates/
id: NET-WP-0019-T01
status: done
priority: high
state_hub_task_id: ""
state_hub_task_id: "03e03868-a07d-478c-9808-f9decaeab2e8"
```
Create `sso-mfa/k8s/lldap/dry-run-nonroot-user.sh` (or equivalent in tools/) that:
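Review bot: T01 is `status: done`, yet the task text in the trailing context still reads `sso-mfa/k8s/lldap/dry-run-nonroot-user.sh` "(or equivalent in tools/)", so the workplan does not record where the script actually landed. Replace the either/or wording with the final path, so that the "script exists, is executable" criterion can be checked against one location.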
@@ -73,7 +73,7 @@ Done when the script exists, is executable, documented in the lifecycle-guide, a
id: NET-WP-0019-T02
status: done
priority: high
state_hub_task_id: ""
state_hub_task_id: "564631a6-9b28-4e23-a852-5d85ade94a76"
```
Update `sso-mfa/k8s/lldap/create-user.sh` (and related scripts like break-glass.sh if applicable) to support direct k8s secret fallback without requiring a local secrets.env file on disk:
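Review bot: the T02 description keeps "(and related scripts like break-glass.sh if applicable)" while the task is marked done, which leaves open whether break-glass.sh still depends on a local secrets.env file on disk. State explicitly which scripts received the direct k8s secret fallback and which were judged not applicable, since a reader auditing where secrets touch disk cannot tell from this text.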
@@ -97,7 +97,7 @@ Also update the lifecycle-guide and new orchestrator to document/use the safer p
id: NET-WP-0019-T03
status: done
priority: medium
state_hub_task_id: ""
state_hub_task_id: "7a264b8a-1b71-4a3e-835b-3c27676d28ef"
```
Extend the security-bootstrap-console:
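Review bot: in this hunk, as in the others shown, the only line that appears in both an old and a new form is `state_hub_task_id`, going from "" to a UUID; `status` appears once, so it is unchanged context here. The commit message speaks of implementation notes and task statuses but does not mention linking tasks to the state hub. Add the ID backfill to the message, or split it into its own commit, so the history shows when each task was bound to its state hub record.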
@@ -120,7 +120,7 @@ This makes the T06 flow first-class in the control surface, aligning with NET-WP
id: NET-WP-0019-T04
status: done
priority: medium
state_hub_task_id: ""
state_hub_task_id: "e0053d13-bc7a-41e8-900b-4a18a76e19d0"
```
Add a helper (script + console command + make target) for cleaning up after dry-runs:
@@ -138,7 +138,7 @@ Add a helper (script + console command + make target) for cleaning up after dry-
id: NET-WP-0019-T05
status: todo
priority: low
state_hub_task_id: ""
state_hub_task_id: "33f88f24-98bd-4a4d-b70e-f5811816f196"
```
Provide a non-secret way to exercise/verify actual KeyCape OIDC claims for a dry-run subject (beyond inferring from LLDAP groups + client verify):
@@ -156,7 +156,7 @@ This strengthens the "KeyCape OIDC claims" and "no root authority" verifications
id: NET-WP-0019-T06
status: todo
priority: low
state_hub_task_id: ""
state_hub_task_id: "aa8ddc00-e77e-4153-aaba-c4e464d4d1a4"
```
In the web-ui portion of security_bootstrap_console.py:
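Review bot: the context line after T06 names the file `security_bootstrap_console.py`, while the first hunk header on this page refers to `security-bootstrap-console.py`. Use the spelling that matches the file in the repository throughout the workplan, so the task text can be searched and followed without guessing which file is meant.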