Closed Bug 1137821 Opened 11 years ago Closed 10 years ago

docker-worker: Workers should not have credentials with the '*' scope

Categories

(Taskcluster :: Workers, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: jonasfj, Unassigned)

docker-worker currently requires the '*' scope, in order to: A) work with the queue, and B) authenticate requests based on `task.scopes` in the auth-proxy. We can avoid this by having the provisioner issue temporary credentials with scopes for (A), see bug 1093291. And to authenticate requests based on `task.scopes` (as the auth-proxy does), we can have the queue return temporary credentials covering `task.scopes` when we (re)claim a task. See bug 1134342.
Component: TaskCluster → Docker-Worker
Product: Testing → Taskcluster
Fixed the last of this in bug 1218512.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Component: Docker-Worker → Workers
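
The difference between a worker holding '*' and a worker holding temporary credentials limited to `task.scopes`, as described in the report above, shown as an added sketch (not docker-worker, queue or auth-proxy code). The function names and the `example:` scope strings are constructed for illustration, and only the scope set and expiry are modelled, not how credentials are signed.

```javascript
// Added illustration. A held scope satisfies a required scope when they are
// equal, or when the held scope ends in '*' and the text before the '*' is a
// prefix of the required scope.
function scopeSatisfies(held, required) {
  if (held.endsWith('*')) {
    return required.startsWith(held.slice(0, -1));
  }
  return held === required;
}

function satisfies(heldScopes, requiredScopes) {
  return requiredScopes.every(r => heldScopes.some(h => scopeSatisfies(h, r)));
}

// Hypothetical issuer: it may only hand out scopes it already holds, and the
// resulting credential expires.
function issueTemporary(issuerScopes, requestedScopes, lifetimeMs, now) {
  if (!satisfies(issuerScopes, requestedScopes)) {
    throw new Error('issuer cannot delegate scopes it does not hold');
  }
  return { scopes: requestedScopes.slice(), expiry: now + lifetimeMs };
}

// Hypothetical proxy-side check: expired credentials authorize nothing.
function authorize(credential, requiredScopes, now) {
  if (credential.expiry !== undefined && now >= credential.expiry) return false;
  return satisfies(credential.scopes, requiredScopes);
}

function demo() {
  const now = 1000000;                               // constructed clock value
  const taskScopes = ['example:read:project-a/*'];   // constructed task.scopes
  const legacyWorker = { scopes: ['*'] };            // worker as the bug describes it
  const perTask = issueTemporary(['example:*'], taskScopes, 60000, now);
  const inside = ['example:read:project-a/file'];
  const outside = ['example:write:project-b/secret'];
  return {
    legacyOutside: authorize(legacyWorker, outside, now),
    perTaskInside: authorize(perTask, inside, now),
    perTaskOutside: authorize(perTask, outside, now),
    perTaskExpired: authorize(perTask, inside, now + 60000),
  };
}

console.log(demo());
```
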