Closed
Bug 1269443
Opened 3 years ago
Closed 3 years ago
Use auth.expandScopes before checking scope satisfaction
Categories
(Taskcluster :: Workers, defect)
Taskcluster
Workers
Not set
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla53
People
(Reporter: dustin, Assigned: dustin)
Details
(Whiteboard: [docker-worker])
Attachments
(1 file)
A task with
scopes: [
'assume:repo:hg.mozilla.org/try/*'
],
payload: {
caches: {
'level-1-try-tc-vcs-public-sources': '/home/worker-tc-vcs'
}
}
fails to start, I think because docker-worker is doing a local check for scope satisfaction that does not expand the role.
|
||
Updated•3 years ago
|
Whiteboard: [docker-worker]
|
|
||
Updated•3 years ago
|
Component: Docker-Worker → Worker
|
Assignee | |
Comment 1•3 years ago
|
||
https://github.com/taskcluster/docker-worker/pull/230
|
|
Assignee | |
Updated•3 years ago
|
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•3 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Updated•3 years ago
|
Assignee: nobody → dustin
|
|
Assignee | |
Comment 3•3 years ago
|
||
Hm, PR230 appears not to do the necessary: [taskcluster:error] Docker configuration could not be created. This may indicate an authentication error when validating scopes necessary for running the task. Error: Insufficient scopes to attach cache volumes. The task must have scope `docker-worker:cache:<cache-name>` for each cache in `payload.caches`. [taskcluster 2016-09-27 16:01:59.026Z] Unsuccessful task run with exit code: -1 completed in 1.021 seconds https://tools.taskcluster.net/task-inspector/#LlsW59VNQBShyXqQtofuuA/0 the try repo role has `docker-worker:cache:level-1-*`.
|
|
Assignee | |
Comment 4•3 years ago
|
||
| mozreview-review | ||
Comment on attachment 8795345 [details] Bug 1269443: remove now-unnecessary scopes; https://reviewboard.mozilla.org/r/81420/#review80070
Attachment #8795345 -
Flags: review-
|
|
Assignee | |
Updated•3 years ago
|
Attachment #8795345 -
Flags: review?(garndt)
|
|
Assignee | |
Comment 5•3 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=50f2a92f5c08
|
|
Assignee | |
Comment 6•3 years ago
|
||
OK, it's still broken :)
|
|
Assignee | |
Comment 7•3 years ago
|
||
Ah! PR230 appears not to have landed? Maybe I was just testing it in the ami-test workerType at the time. I know Greg's in the process of working on new deployments right now. Can you slide this patch in and we'll see if it improves things?
Flags: needinfo?(garndt)
|
|
Assignee | |
Comment 8•3 years ago
|
||
Greg, did this patch end up getting deployed?
|
||
Comment 9•3 years ago
|
||
There appeared to have been some issues with the original patch when I was deploying, and I have since reworked it and opened up a new PR. https://github.com/taskcluster/docker-worker/pull/259
Flags: needinfo?(garndt)
|
|
Assignee | |
Updated•3 years ago
|
Assignee: dustin → garndt
|
|
Assignee | |
Comment 10•3 years ago
|
||
From my testing, this is merged. I'll remove the workaround in-tree.
Assignee: garndt → dustin
|
|
Assignee | |
Comment 11•3 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=f15167a3c469
|
|
Assignee | |
Updated•3 years ago
|
Attachment #8795345 -
Flags: review- → review?(bstack)
|
||
Updated•3 years ago
|
Attachment #8795345 -
Flags: review?(bstack) → review+
|
|
Assignee | |
Comment 12•3 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/0ecee460f3858f310ec47a7bdf2e28de357e155f Bug 1269443: remove now-unnecessary scopes; r=bstack
|
||
Comment 13•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/0ecee460f385
Status: REOPENED → RESOLVED
Closed: 3 years ago → 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
|
||
Updated•8 months ago
|
Component: Worker → Workers
You need to log in
before you can comment on or make changes to this bug.
Description
•