Closed Bug 1057125 Opened 10 years ago Closed 10 years ago

Create OAuth credentials for Loop in stage and prod

Categories

(Cloud Services :: Operations: Miscellaneous, task)

task
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: smcarthur, Assigned: ckolos)

Details

(Whiteboard: [qa+])

client_id: "ae6d64798e60265b"
client_secret: <generate 32-byte hex>
image_uri: ""
whitelisted: true
canGrant: false
redirect_uri: "urn:ietf:wg:oauth:2.0:fx:webchannel"
are you gen'ing the secret or do you need me to?
Assignee: nobody → ckolos
I think these are all the steps:
* deploy STAGE OAuth with generated creds
* deploy PROD OAuth with generated prod creds
* deploy STAGE Loop server with generated stage creds
* deploy PROD Loop server with generated prod creds

Ideally this happens by 8/29 prior to when OAuth Loop goes live in nightly on 9/2
@ckolos: I assumed you would, so as not to share the secrets elsewhere. If I do (I don't mind), I'll need to mark this bug private.
Whiteboard: [qa+]
looks like there's a new parameter to the account config: canGrant. Is that supported in the current prod version of the app?
Summary: Create OAuth credentials for Loop in stage → Create OAuth credentials for Loop in stage and prod
Blocks: 979845
Flags: needinfo?(smcarthur)
> looks like there's a new parameter to the account config: canGrant. Is that supported in the current prod version of the app?

Yes, that is supported in the 0.19.0 or 0.20.0 versions of oauth, and the column is in the stage database. 
However, is there an open ticket to do that alter table in production?
:jrgm, there is not.
also, I would prefer that we roll the Loop creds with the OAuth prod deployment that includes the DB alter. Since stage is testing against the Prod DB, it makes more sense to me to only add the creds once with all fields included rather than add them when missing the canGrant field.
also, :ckarlof, are the loop prod cred/data the same minus the pw or are there imageurl/redirecturi differences?
Flags: needinfo?(ckarlof)
Flags: needinfo?(smcarthur)
:ckolos - hey, do you also have new creds in hiera for stage?
:jrgm I'm confused... I thought stage was using the prod OAuth db instance
:ckolos stage, as in oauth.stage.mozaws.net, is definitely not talking to a prod database (the hostname says stage, the data all has names like 'Identity STAGE', in credentials in a config file named 'stage.json').
:ckolos, client_secret is the only thing that needs to change between the different deployments.
Flags: needinfo?(ckarlof)
:ckolos, regarding your prod/stage question,

You're correct that staging deployments of our *reliers* (e.g., Loop, FMD) will use the prod deployment/DB of OAuth, but our own staging deployment of OAuth is isolated from prod and has its own test reliers.
creds for loop-stage-really-in-stage and loop-stage-really-in-prod have been added to the manifests and are awaiting the deployment this week for oauth.
Blocks: 1059380
oauth train-20 has been deployed and these new creds are now live.
:deanw will take care of getting the secrets to the necessary folks
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Chris,

We're having a bug in Loop prod where during the FxA login is showing the name "Loop Stage". The client_id is "ae6d64798e60265b". Either the Loop OAuth config for "ae6d64798e60265b" has the wrong name configured (it currently says "Loop Stage").

The final product name is "Firefox Hello" so the *production credentials* for "Loop" need to be updated to that. However, it's not clear if production OAuth creds for Loop were ever created:

> creds for loop-stage-really-in-stage and loop-stage-really-in-prod have been added to the manifests and are awaiting the deployment this week for oauth.

In this language, what I'm asking for is "loop-prod-really-in-prod" credentials, with the name configured as "Firefox Hello". If those already exist, the Loop production server is not configured to use them.
Flags: needinfo?(ckolos)
> We're having a bug in Loop prod where during the FxA login is showing the name "Loop Stage". The client_id is "ae6d64798e60265b". Either the Loop OAuth config for "ae6d64798e60265b" has the wrong name configured (it currently says "Loop Stage").

should read:

We're having a bug in Loop prod where during the FxA login is showing the name "Loop Stage". The client_id is "ae6d64798e60265b".
Blocks: 1063262
:ckarlof as we discussed just now, no, the final-production creds had not yet been created. I have created them for the "Firefox Hello" product and updated the server/DB. as before, :dwilson can get the "Firefox Hello" creds to the correct people.
Flags: needinfo?(ckolos) → needinfo?(dwilson)
:bobm is taking care of this for dwilson.
Flags: needinfo?(dwilson)
(In reply to Chris Kolosiwsky [:ckolos] from comment #20)
> :bobm is taking care of this for dwilson.

An updated config has been pushed to production.
Waiting to verify configs next before marking this bug Verified.
Verified the new credentials within configs and yamls.
Thanks to OPs for helping with this.
Status: RESOLVED → VERIFIED