Access is via LDAP groups. Currently the Admins group is mapped to the "main" (aka admin) concourse team.
The instance is here: https://concourse.lan.london.hackspace.org.uk/
The web interface is *very* minimal, intended only really as a dashboard. The real work is done with the Fly cli tool.
Quick Usage Guide
This needs to be improved, but here's a primer for the curious:
This example logs into the "acserver" team and names the target "lhs"
fly --target lhs login --concourse-url https://concourse.lan.london.hackspace.org.uk --team-name acserver
after running this, you are asked to go to the website to log in.
Seeing if you are logged in
fly -t lhs status
See the running workers
Concourse requires worker nodes. Currently, the web node is also a (the only) worker. To see this:
fly --target lhs workers
When adding a team, it is useful to specify in some detail what permissions the various groups in LDAP have. For example, the following example allows the Admins group full access, while the Members group only has read access
roles: - name: owner ldap: groups: ["Admins"] - name: viewer ldap: groups: ["Members"]
Assuming this file was saved as acserver-team.yml, a team could be created with:
fly --target lhs set-team --team-name acserver -c acserver-team.yml
Note: After adding a new team, it may be necessary to log out of the web interface then back in to gain access