Closed
Bug 1137821
Opened 9 years ago
Closed 9 years ago
docker-worker: Workers should not have credentials with the '*' scope
Categories
(Taskcluster :: Workers, defect)
Taskcluster
Workers
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jonasfj, Unassigned)
References
Details
docker-worker currently requires the '*' scope, in order to: A) work the with queue, and B) authenticate requests based on `task.scopes` in the auth-proxy. We can avoid this, by having the provisioner issue temporary credentials with scopes for (A), see bug 1093291. And to authenticate requests based on `task.scopes` (as the auth-proxy does), we can have the queue return temporary credentials covering `task.scopes` when we (re)claim a task. See bug 1134342.
Reporter | ||
Updated•9 years ago
|
Blocks: tc-scope-lockdown
Updated•9 years ago
|
Component: TaskCluster → Docker-Worker
Product: Testing → Taskcluster
Comment 1•9 years ago
|
||
Fixed the last of this in bug 1218512.
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•5 years ago
|
Component: Docker-Worker → Workers
You need to log in
before you can comment on or make changes to this bug.
Description
•