Opened 18 months ago

Last modified 5 months ago

#30510 needs_information task

Share access to the Snowflake broker domain front CDN configuration

Reported by: dcf Owned by:
Priority: Medium Milestone:
Component: Circumvention/Snowflake Version:
Severity: Normal Keywords:
Cc: arlolra, cohosh, dcf, phw Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by dcf)

Currently dcf is the only one who can manage the CDN configuration used for domain fronting the broker. (snowflake-broker.azureedge.net→snowflake-broker.bamsoftware.com.) If a change needs to be made, he's the only one who can do it. If he's not available for an extended time, the only workaround would be to set up a new CDN configuration and push out a new release that uses it.

To reduce the risk, more people should have access to the CDN configuration. So either:

  1. dcf figures out how to delegate admin access on Azure to other Microsoft accounts, or
  2. we move the CDN configuration or set up a new one that allows shared access.

Child Tickets

Change History (3)

comment:1 Changed 18 months ago by dcf

Keywords: arlolra cohosh dcf phw added

Ccing manually because automatic Ccing seems to be broken for the Circumvention/Snowflake component.

comment:2 Changed 17 months ago by arlolra

Cc: arlolra cohosh dcf phw added
Keywords: arlolra cohosh dcf phw removed

comment:3 Changed 5 months ago by dcf

Description: modified (diff)
Status: newneeds_information
Summary: Share access to the Snowflake domain front CDN configurationShare access to the Snowflake broker domain front CDN configuration

I started looking into this. It is not easy to come to grips with all the Azure documentation, but I think what I have to do is:

  1. Add a new user to Azure Active Directory
  2. Give the new user a role assignment

I think the invited user can be any email address; it doesn't necessarily have to be a Microsoft account.

What I need at this point: email addresses from Snowflake maintainers that they want to use to manage the Azure CDN configuration. You can send it to me in private signed email.

Note: See TracTickets for help on using tickets.