docker-worker: Refactor encrypted environment variables

NEW
Unassigned

Status

Taskcluster
Worker
2 years ago
a year ago

People

(Reporter: jonasfj, Unassigned)

Tracking

Details

(Whiteboard: [docker-worker])

(Reporter)

Description

2 years ago
It's completely inconsistent that we're not using ISO date format in encrypt environment variable structure.
I suggest that we reshape it from:
{
  "messageVersion": "1",
  "taskId": "FsG6cmlQQeiQpEHtxhDfhg",
  "startTime": 1418146006679,
  "endTime": 1418146036679,
  "name": "SECRET_TOKEN",
  "value": "3214508af838345sdgt"
}
To something like this:
{
  "version":  1,
  "taskId":   "FsG6cmlQQeiQpEHtxhDfhg",
  "created":  '2015-03-05T19:14:08.155Z',
  "deadline": '2015-03-05T19:14:08.155Z',
  "key":      "SECRET_TOKEN",
  "value":    "<secret-text>"
}

It's a bit shorter and more obvious what the values should be. And we can
reuse utilities like taskcluster.fromNowJSON('2 days').

Note, start/end time should be created/deadline of the task. That's kind of
the only thing that makes sense, as you never what to run the task with an
encrypted env var that can't be decrypted.

Remark:
I know it's borderline crazy to completely break compatibility, but I think rail is the only one using the encrypted env vars. And we could maintain
backward compatibility too. But I'm not sure it worth it. after all it'll
break again when we start doing per workerType private keys.
(Reporter)

Updated

2 years ago
Blocks: 1140057
Component: TaskCluster → Docker-Worker
Product: Testing → Taskcluster
Whiteboard: [docker-worker]
Component: Docker-Worker → Worker
You need to log in before you can comment on or make changes to this bug.