Closed Bug 1140046 Opened 9 years ago Closed 6 years ago

docker-worker: Refactor encrypted environment variables

Categories

(Taskcluster :: Workers, defect)

Product:
Taskcluster
Component:
Workers
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: jonasfj, Unassigned)

References

Details

(Whiteboard: [docker-worker]) 

It's completely inconsistent that we're not using ISO date format in encrypt environment variable structure.
I suggest that we reshape it from:
{
  "messageVersion": "1",
  "taskId": "FsG6cmlQQeiQpEHtxhDfhg",
  "startTime": 1418146006679,
  "endTime": 1418146036679,
  "name": "SECRET_TOKEN",
  "value": "3214508af838345sdgt"
}
To something like this:
{
  "version":  1,
  "taskId":   "FsG6cmlQQeiQpEHtxhDfhg",
  "created":  '2015-03-05T19:14:08.155Z',
  "deadline": '2015-03-05T19:14:08.155Z',
  "key":      "SECRET_TOKEN",
  "value":    "<secret-text>"
}

It's a bit shorter and more obvious what the values should be. And we can
reuse utilities like taskcluster.fromNowJSON('2 days').

Note, start/end time should be created/deadline of the task. That's kind of
the only thing that makes sense, as you never what to run the task with an
encrypted env var that can't be decrypted.

Remark:
I know it's borderline crazy to completely break compatibility, but I think rail is the only one using the encrypted env vars. And we could maintain
backward compatibility too. But I'm not sure it worth it. after all it'll
break again when we start doing per workerType private keys.
Blocks: 1140057
Component: TaskCluster → Docker-Worker
Product: Testing → Taskcluster
Whiteboard: [docker-worker]
Component: Docker-Worker → Worker
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Component: Worker → Workers
You need to log in before you can comment on or make changes to this bug.