Closed
Bug 1347282
Opened 7 years ago
Closed 7 years ago
One-Click loaner gives me "Insufficient Scopes Error!"
Categories
(Taskcluster :: Operations and Service Requests, task)
Taskcluster
Operations and Service Requests
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mjf, Assigned: garndt)
Details
This is from try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=ab190d5d9a8385266830a8c0226aeb6b5243c2f0&selectedJob=83495455 Then I selected one of the successful linux jobs, clicked "One Click Loaner" under "Job Details". After logging into the presented taskcluster page with my Mozilla ldap creds and clicking "One-Click Loaner", I get this: Insufficient Scopes Error! You do not have sufficient scopes. This request requires you to have one of the following sets of scopes: [ [ "queue:create-task:aws-provisioner-v1/gecko-1-b-macosx64" ], [ "queue:define-task:aws-provisioner-v1/gecko-1-b-macosx64", "queue:task-group-id:-/WnNt0ctkTbqVKCusZPe0-g", "queue:schedule-task:-/WnNt0ctkTbqVKCusZPe0-g/WnNt0ctkTbqVKCusZPe0-g" ] ] You only have the scopes: [ "assume:hook-id:garbage/", "assume:mozilla-group:IntranetWiki", "assume:mozilla-group:StatsDashboard", "assume:mozilla-group:all-moco-mofo@mozilla.com", "assume:mozilla-group:all-moco@mozilla.com", "assume:mozilla-group:corp-employees@mozilla.com", "assume:mozilla-group:corp-vpn", "assume:mozilla-group:irccloud", "assume:mozilla-group:irccloud-users@mozilla.com", "assume:mozilla-group:mreavy-directs@mozilla.com", "assume:mozilla-group:okta_mfa", "assume:mozilla-group:phonebook_access", "assume:mozilla-group:team_moco", "assume:mozilla-group:us-corp-employees@mozilla.com", "assume:mozilla-group:vpn_corp", "assume:mozilla-group:vpn_default", "assume:mozilla-user:mfroman@mozilla.com", "assume:project:taskcluster:tutorial", "assume:worker-id:", "auth:create-client:mozilla-ldap/mfroman@mozilla.com/", "auth:create-role:hook-id:garbage/", "auth:delete-client:mozilla-ldap/mfroman@mozilla.com/", "auth:delete-role:hook-id:garbage/", "auth:reset-access-token:mozilla-ldap/mfroman@mozilla.com/", "auth:update-client:mozilla-ldap/mfroman@mozilla.com/", "auth:update-role:hook-id:garbage/", "hooks:modify-hook:garbage/", "hooks:trigger-hook:garbage/", "queue:create-task:aws-provisioner-v1/b2gtest", "queue:create-task:aws-provisioner-v1/tutorial", "queue:get-artifact:private/", "queue:rerun-task", "queue:resolve-task", "scheduler:create-task-graph", "scheduler:extend-task-graph", "secrets:get:garbage/", "secrets:set:garbage/" ] In other words you are missing scopes from one of the options: Option 0: "queue:create-task:aws-provisioner-v1/gecko-1-b-macosx64" Option 1: "queue:define-task:aws-provisioner-v1/gecko-1-b-macosx64", and "queue:task-group-id:-/WnNt0ctkTbqVKCusZPe0-g", and "queue:schedule-task:-/WnNt0ctkTbqVKCusZPe0-g/WnNt0ctkTbqVKCusZPe0-g"
Assignee | ||
Comment 1•7 years ago
|
||
Are the credentials used to log into treeherder also tied to the credentials that you use to push to try? It appears that some of the groups that are added when you have scm level 1 access (try) are not added to the list of scopes you have here.
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → garndt
Status: NEW → ASSIGNED
Reporter | ||
Comment 2•7 years ago
|
||
Ooh - very possible that is the problem, because I didn't get level 1 access with my Moz email. Let me retry with my treeherder login.
Reporter | ||
Comment 3•7 years ago
|
||
Waiting on a greylisting issue to be resolved with my email host. At the moment, by the time I get the email with the code to login to taskcluster the code is no longer valid. Hoping to get this resolved later tonight. Sorry for the delay!
Comment 4•7 years ago
|
||
You need to login with Okta, not with email, to get sensitive access like this. The account you use to push to hg will work fine with Okta (it's not limited to @mozilla.com addresses).
Reporter | ||
Comment 5•7 years ago
|
||
Dustin - thank you for that tip! I would never have thought of crossing those 2 streams. ;-) Greg, Dustin - I was able to login and see the display and shell pages for a linux test. Thank you.
Assignee | ||
Updated•7 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Comment 6•7 years ago
|
||
This will become clearer when we switch to using Auth0. Sorry for the confusion!
Updated•5 years ago
|
Component: Service Request → Operations and Service Requests
You need to log in
before you can comment on or make changes to this bug.
Description
•