Objective AU-5: develop schedule for Keycloak integration, deployment and testing

[baswinasa]

We would like to present a full Auth integration, deployment and testing schedule during HQ visit on Feb 5, 2025, ahead of the PI planning documents. An estimate of the completion dates of each tasks below is needed.

Please write a comment on the estimated dates you believe is we could start working on each items below and when they will be completed, or if you thought have a suggestion on the schedule.

Schedule

• Objective AU-1: Setup a production environment
• Objective AU-2: Create maintenance and configuration guidelines
  • AU-2.1.1: The guideline documentation for Jupyter Hub is shared for review
  • AU-2.1.2: The guideline documentation for STAC is shared for review
  • AU-2.1.3: The guideline documentation for Grafana is shared for review
  • AU-2.2.1: The guideline documentation for Grafana is reviewed and published
  • AU-2.2.2: The guideline documentation for Jupyter Hub is reviewed and published
  • AU-2.2.3: The guideline documentation for STAC is reviewed and published
• Objective AU-3: Integrate auth into applications |  
  • AU-3.1: connect Grafana with Keycloak
  • AU-3.2: end user test of Grafana Keycloak
  • AU-3.3: connect VEDA Jupyter Hub with Keycloak
  • AU-3.4: end user test of VEDA Jupyter Hub Keycloak
  • AU-3.5: Connect STAC with Keycloak
  • AU-3.6: end-user test of STAC Keycloak

[alukach]

@baswinasa Here's my first pass of estimations for execution time for the above mentioned work. My thinking is that we would likely want to write documentation directly after integrating a service. Tasks like end user testing of a service can be done in parallel with writing documentation about a service (likely by different parties). I imagine that there would be two developers working on this, likely each dedicating 20hrs / week to this work.

Code	Description	Weeks	Est Start Date	Est End Date	Issue
AU-1	Setup a production environment	5	In Progress	Feb 28, 2025	#15
AU-2	Create maintenance and configuration guidelines	7	Mar 17, 2025	May 9, 2025	#16
AU-3	Integrate auth into applications	8	Mar 3, 2025	May 2, 2025	#17
AU-3.1	connect Grafana with Keycloak	2	Mar 3, 2025	Mar 14, 2025
AU-3.2	end user test of Grafana Keycloak	1	Mar 17, 2025	Mar 21, 2025
AU-2.1.3	The guideline documentation for Grafana is shared for review	2	Mar 17, 2025	Mar 28, 2025
AU-2.2.1	The guideline documentation for Grafana is reviewed and published	1	Mar 31, 2025	Apr 4, 2025
AU-3.5	Connect STAC with Keycloak	1	Mar 31, 2025	Apr 4, 2025
AU-3.6	end user test of STAC Keycloak	1	Apr 7, 2025	Apr 11, 2025
AU-2.1.2	The guideline documentation for STAC is shared for review	1	Apr 7, 2025	Apr 11, 2025
AU-2.2.3	The guideline documentation for STAC is reviewed and published	1	Apr 14, 2025	Apr 18, 2025
AU-3.3	connect VEDA Jupyter Hub with Keycloak	2	Apr 14, 2025	Apr 25, 2025
AU-3.4	end user test of VEDA Jupyter Hub Keycloak	1	Apr 28, 2025	May 2, 2025
AU-2.1.1	The guideline documentation for Jupyter Hub is shared for review	1	Apr 28, 2025	May 2, 2025
AU-2.2.2	The guideline documentation for Jupyter Hub is reviewed and published	1	May 5, 2025	May 9, 2025

[baswinasa]

@j08lue @alukach should we have the maintenance & guideline drafted before end user testing, so we can test if the guideline is clear to the users meaning should we have an overlap between testing and having the guide ready for review?

[baswinasa]

@lahirujayathilake can you confirm that you can contribute as the second dev "dedicating 20hrs / week to this work" during the time period?

[j08lue]

should we have the maintenance & configuration guideline drafted before end user testing

As I understand it, the maintenance & configuration guidelines are for maintainers of a service, who wish to integrate VEDA Auth into their service. So the guidelines are not for the end user.

The guidelines will reference the applications we integrate - Grafana, STAC API (a Python FastAPI application), JupyterHub, etc. - as examples for different kinds of services and auth flows.

Based on the above, I think the order @alukach proposed makes sense.

[j08lue]

Regarding the upcoming presentation of our plans this week, @baswinasa, I think the above plan is our best estimate at this point. It should be noted that we added some buffer to the estimates to account for uncertainty. Hopefull, we will move a lot faster than described.

When sharing this, I would probably focus on the high-level objectives:

1. AU-1: Set up a production-grade, GitOps-managed KeyCloak service
2. AU-2: Document how to integrate VEDA auth services into several different types of applications
3. AU-3: Integrate auth into priority applications on the VEDA platform and use the experience to build out the integration guidelines

Our goal is to have a simple, community-maintained open-source based, well-documented and transparently managed service, where application providers can see how to integrate authentication and authorization into their application and follow the process as their request gets processed. For reference, this is the same model as 2i2c chose for providing JupyterHub as a aservice (see public configuration and pipelines at https://github.com/2i2c-org/infrastructure).