1265514 - Access to AWS provisioner for sheriffing

Status: RESOLVED DUPLICATE of bug 1198391

(Taskcluster :: Operations and Service Requests, task)

Description

[Selena Deckelmann :selenamarie :selena]

We need to grant a few people access to the AWS provisioner. 

Sheriffs seem to not be able to see the provisioning stats so they can see if there's backlog.  The sheriffs use the backlog informtion to determine whether we need to close the trees because jobs aren't being completed in a timely fashion.  Is there a scope we can grant to sheriffs as a group?

If there's a better way to find this information, please let us know!

Here's the error Tomcat is getting: https://irccloud.mozilla.com/file/zxBNDfnN/Screen+Shot+2016-04-18+at+17.15.36.png

Comment 1

[Pete Moore [:pmoore][:pete]]

I believe access to https://tools.taskcluster.net/aws-provisioner/ is protected by scope aws-provisioner:view-worker-type:* which is currently not granted to sheriffs due to worker types containing secrets. Possible solutions are:

1) Wait until bug 1198391 lands.
2) Grant aws-provisioner:view-worker-type:* to sheriffs, and revoke this when it is no longer needed for the url above

I haven't made this a duplicate of bug 1198391 in case we want an interim solution. However I think bug 1198391 is close to landing.

Comment 3

[Dustin J. Mitchell [:dustin] (he/him)]

I'll mark this as a duplicate.  We're already working on this.  The backend work is now landed, so it just remains to do the frontend work.  At that point, you'll be able to see the full list of workerTypes and their capacity info, even if you can't see or edit a specific workerType (which is also coming, but requires moving the secrets out first)

Comment 4

[John Ford [:jhford] CET/CEST Berlin Time]

I've merged Dustin's changes that should let us do this, but unfortunately the output doesn't validate.