diff --git a/workplans/NET-WP-0019-t06-adjacent-user-lifecycle-dry-run-polish.md b/workplans/NET-WP-0019-t06-adjacent-user-lifecycle-dry-run-polish.md index d555319..d19b17a 100644 --- a/workplans/NET-WP-0019-t06-adjacent-user-lifecycle-dry-run-polish.md +++ b/workplans/NET-WP-0019-t06-adjacent-user-lifecycle-dry-run-polish.md @@ -47,7 +47,7 @@ Prefer extending existing patterns (the security-bootstrap-console.py templates/ id: NET-WP-0019-T01 status: done priority: high -state_hub_task_id: "" +state_hub_task_id: "03e03868-a07d-478c-9808-f9decaeab2e8" ``` Create `sso-mfa/k8s/lldap/dry-run-nonroot-user.sh` (or equivalent in tools/) that: @@ -73,7 +73,7 @@ Done when the script exists, is executable, documented in the lifecycle-guide, a id: NET-WP-0019-T02 status: done priority: high -state_hub_task_id: "" +state_hub_task_id: "564631a6-9b28-4e23-a852-5d85ade94a76" ``` Update `sso-mfa/k8s/lldap/create-user.sh` (and related scripts like break-glass.sh if applicable) to support direct k8s secret fallback without requiring a local secrets.env file on disk: @@ -97,7 +97,7 @@ Also update the lifecycle-guide and new orchestrator to document/use the safer p id: NET-WP-0019-T03 status: done priority: medium -state_hub_task_id: "" +state_hub_task_id: "7a264b8a-1b71-4a3e-835b-3c27676d28ef" ``` Extend the security-bootstrap-console: @@ -120,7 +120,7 @@ This makes the T06 flow first-class in the control surface, aligning with NET-WP id: NET-WP-0019-T04 status: done priority: medium -state_hub_task_id: "" +state_hub_task_id: "e0053d13-bc7a-41e8-900b-4a18a76e19d0" ``` Add a helper (script + console command + make target) for cleaning up after dry-runs: @@ -138,7 +138,7 @@ Add a helper (script + console command + make target) for cleaning up after dry- id: NET-WP-0019-T05 status: todo priority: low -state_hub_task_id: "" +state_hub_task_id: "33f88f24-98bd-4a4d-b70e-f5811816f196" ``` Provide a non-secret way to exercise/verify actual KeyCape OIDC claims for a dry-run subject (beyond inferring from LLDAP groups + client verify): @@ -156,7 +156,7 @@ This strengthens the "KeyCape OIDC claims" and "no root authority" verifications id: NET-WP-0019-T06 status: todo priority: low -state_hub_task_id: "" +state_hub_task_id: "aa8ddc00-e77e-4153-aaba-c4e464d4d1a4" ``` In the web-ui portion of security_bootstrap_console.py: