Enable access via ssh-oidc and cloud.egi.eu

CONTRIBUTING.md

@@ -10,17 +10,14 @@ contribute are also welcome.
 
 ## Feedback and Questions
 
-If you wish to discuss anything related to the project, please open an issue or
-start a topic on the [EGI Community Forum](https://community.egi.eu). The
-maintainers will sometimes move issues off of GitHub to the community forum if
-it is thought that longer, more open-ended discussion would be beneficial,
-including a wider community scope.
+If you wish to discuss anything related to the project, please open a
+[GitHub issue](https://github.com/EGI-Federation/fedcloud-dashboard/issues/new).
 
 ## Contribution Process
 
-Before proposing a contribution via pull request, ideally there is an open issue
-describing the need for your contribution (refer to this issue number when you
-submit the pull request). We have a 3 steps process for contributions.
+Before proposing a contribution via pull request (PR), ideally there is an open
+issue describing the need for your contribution (refer to this issue number when
+you submit the pull request). We have a 3 steps process for contributions.
 
 1. Fork the project if you have not, and commit changes to a git branch
 1. Create a GitHub Pull Request for your change, following the instructions in
@@ -38,11 +35,11 @@ submit the pull request). We have a 3 steps process for contributions.
 ### Code Review Process
 
 Code review takes place in GitHub pull requests. See
-[this article](https://help.github.com/articles/about-pull-requests/) if you're
-not familiar with GitHub Pull Requests.
+[this article](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-pull-requests)
+if you're not familiar with GitHub Pull Requests.
 
 Once you open a pull request, maintainers will review your code using the
-built-in code review process in Github PRs. The process at this point is as
+built-in code review process in GitHub PRs. The process at this point is as
 follows:
 
 1. A maintainer will review your code and merge it if no changes are necessary.
@@ -59,7 +56,7 @@ easier to send pull requests.
 
 ### Branches and Commits
 
-You should submit your patch as a git branch named after the Github issue, such
+You should submit your patch as a git branch named after the GitHub issue, such
 as `#3`\. This is called a _topic branch_ and allows users to associate a branch
 of code with the issue.
 
@@ -90,7 +87,6 @@ EGI benefits from a strong community of developers and system administrators,
 and vice-versa. If you have any questions or if you would like to get involved
 in the wider EGI community you can check out:
 
-- [EGI Community Forum](https://community.egi.eu/)
-- [EGI website](https://www.egi.eu)
+- [EGI site](https://www.egi.eu)
 
 **This file has been modified from the Chef Cookbook Contributing Guide**.

deployment/cloud-init.yaml

@@ -18,3 +18,16 @@ users:
   - gh:sebastian-luna-valero
   ssh_authorized_keys:
   - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD3rdgKJj5WWIE5sD+Mup8HxgMQGY7cYwjwGGa4TJAkZMrhDon5MTgFko51xNZuU7pRhOdTQwJqu8Bkb+y2nAtFS3vHij4x4GgHU9TuLwhgiWjB3qhAj959vXg2FItHO8JsjM3a5R/VxX/hSXlEy+7iyHpH1zCi/LwhcFLEd7yTv0bV99yNMoLPQYhGjYQ5DqrWBKyu8ddFxfRzxaiHgFTvBPwa52Gwft7S7N90tV7fHCI8p+9nD57q6aWwTRtxbClJyf2vohSlIB0WqqPKTBy+he7QkV8VRq9zJyUMaelTTUy+nBolF4oyAHJViY9GAvfdEsHKW0FaV0SS4ICKjilQOAyK3uG+Hl26CCLvtWUmbx/XGAwfoCIipMqXwbjLwA2J+dXCaKS4uBz0f4eXKsXXoFmh4awEIOxpdVXUFYV231JxcgMGGhSQvaqla5QWZ93RNNS0v7SEhHKAkG6B8mOS8yyAu1mBCS0Y03p6xT/7lI5QI4cTIVD3HZU6dB2s/Fc= enol@Enols-MacBook-Pro.local
+
+write_files:
+  - content: |
+      # Created by cloud-init according to:
+      #    https://github.com/EGI-Federation/fedcloud-dashboard/blob/main/deployment/cloud-init.yaml
+      #
+      # 1. Access is restricted to members of the vo.cloud.egi.eu VO with the auditor role
+      #    urn:mace:egi.eu:group:cloud.egi.eu:role=auditor#aai.egi.eu
+      #
+      # 2. Once logged in, they have unrestricted sudo power:
+      %egi-eu_cloud-egi-eu ALL=(ALL) NOPASSWD:ALL
+    path: /etc/sudoers.d/motley
+    permissions: '0644'

deployment/galaxy-requirements.yaml

@@ -1,2 +1,4 @@
 # docker installation
 - src: grycap.docker
+# ssh-oidc access
+- src: grycap.motley-cue

deployment/playbook.yaml

@@ -14,7 +14,9 @@
   roles:
   - role: 'grycap.docker'
     docker_config_values: { "mtu": 1400 }
-
+  - role: 'grycap.motley-cue'
+    ssh_oidc_other_vos_name: cloud.egi.eu
+    ssh_oidc_other_vos_role: auditor
 
 - hosts: all
   become: yes