Closed
Bug 1097780
Opened 10 years ago
Closed 6 years ago
python-client: Figure out temporary credentials issue in taskcluster-client.py
Categories
(Taskcluster :: Services, defect)
Taskcluster
Services
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jhford, Unassigned)
References
Details
Temporary credential generation doesn't work properly in the Python client for Taskcluster. I'm not 100% sure why, as the data generated by the Python client is seemingly equivalent to that generated by the JS client. Once the UUID routine is modified to return a constant string, the exact same access token is generated. The only differences I see are the ordering of the JSON contained in the returned credentials.
Reporter | ||
Comment 1•10 years ago
|
||
See https://github.com/jhford/taskcluster-client.py/commit/cd70ad535a0cc8d597e9cbe38c5409946dee0c5e for more details
Updated•9 years ago
|
Summary: Figure out temporary credentials issue in taskcluster-client.py → python-client: Figure out temporary credentials issue in taskcluster-client.py
Updated•9 years ago
|
Component: TaskCluster → General
Product: Testing → Taskcluster
Updated•9 years ago
|
Component: General → Client Libraries
Comment 2•9 years ago
|
||
I can also have a look at this when I work on bug 1179789. Maybe I'll hit the same issue!
See Also: → 1179789
Comment 3•9 years ago
|
||
https://github.com/jhford/taskcluster-client.py/blob/cd70ad535a0cc8d597e9cbe38c5409946dee0c5e/taskcluster/client.py#L526 looks suspicious - I think scopes here is an array, but http://docs.taskcluster.net/auth/temporary-credentials/#signature-generation says each scope should be on a new line. I'll add some debugging to check...
Comment 4•9 years ago
|
||
Oh I am dumb! As soon as I submitted that, I spotted the scopes sit inside the join method, not outside it. Whoops. Ignore comment 3!
Comment 5•9 years ago
|
||
So I looked at this too, and reached the same conclusion, I get e.g.: taskcluster-client: { "clientId": "clientId", "accessToken": "AKUz6E8M1x2DoJFxL2oey0GUZwIg5bITKfYrx9K6xH8", "certificate": "{\"version\":1,\"scopes\":[\"auth:credentials\"],\"start\":1415741173,\"expiry\":1415741173,\"seed\":\"MkT8gE3gRgOzM1Z3Ai_ilwZBqX-G9mQkyCM_EB-CSMqw\",\"signature\":\"zBRvaGBIik7W4Ts9gzUuJ40mEW1X/Gi70ys6ekMEFT4=\"}" } taskcluster-client.py: { "certificate": "{\"scopes\":[\"auth:credentials\"],\"version\":1,\"expiry\":1415741173,\"start\":1415741173,\"seed\":\"MkT8gE3gRgOzM1Z3Ai_ilwZBqX-G9mQkyCM_EB-CSMqw\",\"signature\":\"zBRvaGBIik7W4Ts9gzUuJ40mEW1X/Gi70ys6ekMEFT4=\"}", "accessToken": "AKUz6E8M1x2DoJFxL2oey0GUZwIg5bITKfYrx9K6xH8", "clientId": "clientId" } They are indeed the same objects, but the ordering is different. I don't think this is a problem though. Do the properties need to appear in a given order?
Flags: needinfo?(jhford)
Comment 6•9 years ago
|
||
The json spec (http://www.json.org/) says: "An object is an unordered set of name/value pairs." So I think by definition the orders should not matter. I did spot one anomaly though: in the javascript implementation, if start is not specified, the current timestamp is used. However, in the python library, the now variable is generated, but never used[2]. 1: https://github.com/taskcluster/taskcluster-client/blob/b9d45bc23b8755bec792138b9b2458a08bd49cd5/lib/client.js#L584-L591 2: https://github.com/taskcluster/taskcluster-client.py/blob/694f3b2bfba3ee04497e8b3cbf017c44c5e2ca0a/taskcluster/client.py#L519-L520
Reporter | ||
Comment 7•9 years ago
|
||
(In reply to Pete Moore [:pmoore][:pete] from comment #6) > "An object is an unordered set of name/value pairs." > > So I think by definition the orders should not matter. I wouldn't put much stock in JSON implementers all adhering to the spec sadly. It could be that this is being parsed by a dumb/bad json parser, or not even a json parser at all. I don't know the details. I think that sadly the next step here is to use a formatter and spit out exactly the JSON we need, sadly. Yuck! > I did spot one anomaly though: in the javascript implementation, if start is > not specified, the current timestamp is used. However, in the python > library, the now variable is generated, but never used[2]. Hmm, the start parameter is not a kwarg, so it has to be passed. I guess it could be passed as None and we should use now in that case. I remember this failing with an explicit 'start' param being passed in.
Flags: needinfo?(jhford)
Comment 8•9 years ago
|
||
So you guys should probably look at the logs for the service you are hitting, check the error message: https://github.com/taskcluster/taskcluster-base/blob/master/api.js#L145-L225 In taskcluster-client I debug with a local node server, so it's easy to get errors. But if you use something low traffic like auth it should be easy to find the error message.
Comment 9•6 years ago
|
||
I think this was fixed long ago..
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•5 years ago
|
Component: Client Libraries → Services
You need to log in
before you can comment on or make changes to this bug.
Description
•