Closed
Bug 1235399
Opened 9 years ago
Closed 9 years ago
tc-proxy doesn't work with provisioner-provided temporary credentials
Categories
(Taskcluster :: Workers, defect)
Taskcluster
Workers
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: dustin, Assigned: pmoore)
References
Details
Attachments
(1 file)
tc-proxy only takes a clientId and an accessToken -- no cert. So it can't use the worker's temporary credentials to sign requests.
Assignee | ||
Comment 1•9 years ago
|
||
I've added support, but need to update the tests to also run using temp credentials. In order to update the tests though, I'll need to implement http://docs.taskcluster.net/auth/temporary-credentials/ in http://taskcluster.github.io/taskcluster-client-go first - so I'll create a bug for that and mark it as blocking this one.
You can still review if you like, or wait until I have more tests - depends on how urgently you need it.
Assignee | ||
Comment 2•9 years ago
|
||
Note, I logged in just now with login.taskcluster.net, and got myself some temporary credentials. I then used these for running the tests, and all the tests passed. \o/
We should still do this as part of the tests - but just so you know, it does seem to be working, even if we don't have unit tests yet.
(In reply to Pete Moore [:pmoore][:pete] from comment #1)
> ... so I'll create a bug for that and mark it as blocking this one.
Bug 1179789 already existed, so used that instead.
Assignee | ||
Comment 3•9 years ago
|
||
Note, if you merge this in, we should create a git tag for version 1.1.0 and also push a new version to dockerhub/quay etc.
Assignee | ||
Comment 4•9 years ago
|
||
(my intention for the unit tests is that we run all tests with permanent credentials, then generate temporary credentials, then run all the tests again, this time with the newly generated temporary credentials)
Reporter | ||
Comment 5•9 years ago
|
||
I actually need this *not* merged pretty urgently, due to bug 1235404. We need to solve that first, before un-breaking the proxy.
Reporter | ||
Updated•9 years ago
|
Attachment #8702639 -
Flags: review?(dustin) → review+
Assignee | ||
Comment 6•9 years ago
|
||
I've added tests for using temporary credentials. Can you take a look again?
Thanks!
Assignee | ||
Comment 7•9 years ago
|
||
Greg and Dustin are in favour of letting it burn. Let's just check if Jonas sees a need, otherwise let's burn it to the ground.
Flags: needinfo?(jopsen)
Assignee | ||
Comment 8•9 years ago
|
||
(In reply to Pete Moore [:pmoore][:pete] from comment #7)
> Greg and Dustin are in favour of letting it burn. Let's just check if Jonas
> sees a need, otherwise let's burn it to the ground.
WHOOPS - wrong bug - that was intended for bug 1235404.
PLEASE IGNORE! =)
Flags: needinfo?(jopsen)
Comment 9•9 years ago
|
||
Commits pushed to master at https://github.com/taskcluster/taskcluster-proxy
https://github.com/taskcluster/taskcluster-proxy/commit/bf31fe30744009ad251f93c493a1e7ce7737a47d
Bug 1235399 - enable tc-proxy to work with certificates
https://github.com/taskcluster/taskcluster-proxy/commit/988308c299482d0e052e82b53ae8ba04a4f3af96
Bug 1235399 - seems reasonable to bump the version number, and make it 3 numbers. Since supporting a new feature now (temp creds), bumped second number rather than third.
https://github.com/taskcluster/taskcluster-proxy/commit/8f9879626459b5a0f170537952da0f4e38706828
Bug 1235399 - seems reasonable to bump the version number, and make it 3 numbers. Since supporting a new feature now (temp creds), bumped second number rather than third.
https://github.com/taskcluster/taskcluster-proxy/commit/66dd5104e3cd95f88ace74884ff3117dfabd68f3
Merge pull request #8 from taskcluster/bug1235399
Bug 1235399 - enable tc-proxy to work with certificates
Assignee | ||
Updated•9 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 10•9 years ago
|
||
I've pushed a new release (3.0.3) to dockerhub:
https://hub.docker.com/r/taskcluster/taskcluster-proxy/tags/
Updated•6 years ago
|
Component: Docker-Worker → Workers
You need to log in
before you can comment on or make changes to this bug.
Description
•