Closed
Bug 1288051
Opened 8 years ago
Closed 7 years ago
Roles: provide a mechanism to search for roles that satisfy a given scope
Categories
(Taskcluster :: UI, defect)
Taskcluster
UI
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: pmoore, Unassigned)
Details
Given a scope, optionally with a trailing '*', it should be possible to find all roles that provide that scope either directly or indirectly via expanded scopes. Personally I prefer creating an endpoint to provide this functionality so that tools can use this feature, rather than just interactive-users via a web interface. Also creating an endpoint rather than a client-side tool means the implementation can be much more efficient than requiring all roles to be transmitted over http and scopes expanded. Lastly it encourages consistency, since there would be only one canonical implementation. Ideally we'd create an endpoint that takes a list of scopes, and for each scope provided, returns a list of roles that satisfy that scope. We should also then provide a means to hit this endpoint via tools.taskcluster.net web interface on the roles page.
Comment 1•8 years ago
|
||
I don't think this should be in the auth service -- it's complicated enough already, and all of the information required to determine this is already easily available. I think this should be implemented client-side, preferably in tcadmin. Something like tcadmin has-scope 'aws-provisioner:manage-worker-type:garbage-*' ideally this would scan both clients and roles. The listRoles endpoint provides expanded role scopes, making this pretty lightweight. There's some complexity with the implementation, and a little ambiguity of meaning around * expansion in roles, but nothing too difficult.
Comment 2•7 years ago
|
||
It looks like https://tools.taskcluster.net/auth/scopes/ provides this?
Comment 3•7 years ago
|
||
Indeed, good eye!
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•5 years ago
|
Component: Tools → UI and Tools
You need to log in
before you can comment on or make changes to this bug.
Description
•