Check or reset the ID/PW of a project once registered when forgetting them

Question

Check or reset the ID/PW of a project once registered when forgetting them

ffjlabo opened this issue 2 months ago · comments

Yoshiki Fujikane commented 2 months ago

What would you like to be added:

It would be nice to be able to check or reset ID/PW in case we forgot them.

Why is this needed:
We can't log in when we forget them.

David Gannon · Answer 1 · Sat May 04 2024 20:35:12 GMT+0800 (China Standard Time)

Hi Guys,
I'd be interested in picking this one up, if it's still up for grabs.
Did you picture it being a command you could run on the server to remind you, or something more interactive in the GUI?
Cheers!
David

Yoshiki Fujikane · Answer 2 · Tue May 07 2024 13:41:48 GMT+0800 (China Standard Time)

@dgannon991
Thank you! Please give it a try :)
First, I would like to reconsider how to deal with this issue.
I re-evaluated the situation and thought about how to deal with it.

There may be other workarounds besides this method.
I would like both of you to lend me your strength. WDYT? @khanhtc1202 @t-kikuc
if @dgannon991 also has any opinions, I'd love to hear them.

Motivation

The static admin is a project admin user generated automatically when the project is created. We can log in with that account.
Also, we can change the username and password on the web console.

ref: https://pipecd.dev/docs-v0.47.x/user-guide/managing-controlplane/auth/#static-admin

Currently, we can fix ID/PW only after logging in to the web console.
So if you forget them, we can't log in some cases below

before setting up the SSO
When enabling the static admin

How to solve it

[IMO] There are two ways for now.

The control plane administrator resets the ID/PW on the ops page and notifies the new ID/PW to the project member. The control plane administrator encourages the project member to change them as soon as possible.
The control plane administrator notifies the current ID/PW to the project member.

I think 1 is better because the control plane administrator should not know the info for the separating responsibility.

Tetsuya Kikuchi · Answer 3 · Tue May 07 2024 14:34:31 GMT+0800 (China Standard Time)

@ffjlabo
Is this the same as #2408?
If so, would you close #2408 with a comment?

Yoshiki Fujikane · Answer 4 · Tue May 07 2024 16:40:24 GMT+0800 (China Standard Time)

@t-kikuc Thanks, closed

Tetsuya Kikuchi · Answer 5 · Tue May 07 2024 18:20:25 GMT+0800 (China Standard Time)

@ffjlabo
Thank you for your reconsideration.

How to solve it

I also think 1. is better because administrators should not know the current ID/PW for security.

David Gannon · Answer 6 · Fri May 10 2024 23:05:50 GMT+0800 (China Standard Time)

1 sounds great to me as well. I'll give it a go over the next few days. Cheers all!