Closed Bug 1235399 Opened 9 years ago Closed 9 years ago

tc-proxy doesn't work with provisioner-provided temporary credentials

Categories

(Taskcluster :: Workers, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: dustin, Assigned: pmoore)

References

Details

Attachments

(1 file)

tc-proxy only takes a clientId and an accessToken -- no cert. So it can't use the worker's temporary credentials to sign requests.
I've added support, but need to update the tests to also run using temp credentials. In order to update the tests though, I'll need to implement http://docs.taskcluster.net/auth/temporary-credentials/ in http://taskcluster.github.io/taskcluster-client-go first - so I'll create a bug for that and mark it as blocking this one. You can still review if you like, or wait until I have more tests - depends on how urgently you need it.
Assignee: nobody → pmoore
Status: NEW → ASSIGNED
Attachment #8702639 - Flags: review?(dustin)
Depends on: 1179789
Note, I logged in just now with login.taskcluster.net, and got myself some temporary credentials. I then used these for running the tests, and all the tests passed. \o/ We should still do this as part of the tests - but just so you know, it does seem to be working, even if we don't have unit tests yet. (In reply to Pete Moore [:pmoore][:pete] from comment #1) > ... so I'll create a bug for that and mark it as blocking this one. Bug 1179789 already existed, so used that instead.
Note, if you merge this in, we should create a git tag for version 1.1.0 and also push a new version to dockerhub/quay etc.
(my intention for the unit tests is that we run all tests with permanent credentials, then generate temporary credentials, then run all the tests again, this time with the newly generated temporary credentials)
I actually need this *not* merged pretty urgently, due to bug 1235404. We need to solve that first, before un-breaking the proxy.
Attachment #8702639 - Flags: review?(dustin) → review+
I've added tests for using temporary credentials. Can you take a look again? Thanks!
Greg and Dustin are in favour of letting it burn. Let's just check if Jonas sees a need, otherwise let's burn it to the ground.
Flags: needinfo?(jopsen)
(In reply to Pete Moore [:pmoore][:pete] from comment #7) > Greg and Dustin are in favour of letting it burn. Let's just check if Jonas > sees a need, otherwise let's burn it to the ground. WHOOPS - wrong bug - that was intended for bug 1235404. PLEASE IGNORE! =)
Flags: needinfo?(jopsen)
Commits pushed to master at https://github.com/taskcluster/taskcluster-proxy https://github.com/taskcluster/taskcluster-proxy/commit/bf31fe30744009ad251f93c493a1e7ce7737a47d Bug 1235399 - enable tc-proxy to work with certificates https://github.com/taskcluster/taskcluster-proxy/commit/988308c299482d0e052e82b53ae8ba04a4f3af96 Bug 1235399 - seems reasonable to bump the version number, and make it 3 numbers. Since supporting a new feature now (temp creds), bumped second number rather than third. https://github.com/taskcluster/taskcluster-proxy/commit/8f9879626459b5a0f170537952da0f4e38706828 Bug 1235399 - seems reasonable to bump the version number, and make it 3 numbers. Since supporting a new feature now (temp creds), bumped second number rather than third. https://github.com/taskcluster/taskcluster-proxy/commit/66dd5104e3cd95f88ace74884ff3117dfabd68f3 Merge pull request #8 from taskcluster/bug1235399 Bug 1235399 - enable tc-proxy to work with certificates
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
I've pushed a new release (3.0.3) to dockerhub: https://hub.docker.com/r/taskcluster/taskcluster-proxy/tags/
Component: Docker-Worker → Workers
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: