We need to grant a few people access to the AWS provisioner. Sheriffs seem to not be able to see the provisioning stats so they can see if there's backlog. The sheriffs use the backlog informtion to determine whether we need to close the trees because jobs aren't being completed in a timely fashion. Is there a scope we can grant to sheriffs as a group? If there's a better way to find this information, please let us know! Here's the error Tomcat is getting: https://irccloud.mozilla.com/file/zxBNDfnN/Screen+Shot+2016-04-18+at+17.15.36.png
I believe access to https://tools.taskcluster.net/aws-provisioner/ is protected by scope aws-provisioner:view-worker-type:* which is currently not granted to sheriffs due to worker types containing secrets. Possible solutions are: 1) Wait until bug 1198391 lands. 2) Grant aws-provisioner:view-worker-type:* to sheriffs, and revoke this when it is no longer needed for the url above I haven't made this a duplicate of bug 1198391 in case we want an interim solution. However I think bug 1198391 is close to landing.
See Also: → bug 1198391
I'll mark this as a duplicate. We're already working on this. The backend work is now landed, so it just remains to do the frontend work. At that point, you'll be able to see the full list of workerTypes and their capacity info, even if you can't see or edit a specific workerType (which is also coming, but requires moving the secrets out first)
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1198391
I've merged Dustin's changes that should let us do this, but unfortunately the output doesn't validate.
You need to log in before you can comment on or make changes to this bug.