Closed
Bug 1286894
Opened 9 years ago
Closed 7 years ago
Enable Treeherder to add new TC jobs for non try repositories
Categories
(Testing :: General, defect, P3)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: martianwars, Unassigned, Mentored)
References
Details
This will be a follow up to Bug 1284911, once that's fixed.
|
Reporter | |
Comment 1•9 years ago
|
||
This should be fairly straightforward to fix. Just remove the condition from https://github.com/mozilla/treeherder/blob/master/ui/js/models/resultsets_store.js#L330
However, an RRA is needed before this can proceed.
|
||
Comment 2•9 years ago
|
||
(In reply to Kalpesh Krishna [:martianwars] from comment #1)
> However, an RRA is needed before this can proceed.
Presuming "RRA" ([1]) wasn't a typo, then this needs blocking on the pulse actions side asap until that happens. A UI-only conditional isn't a security measure - people can submit arbitrary requests to the API regardless.
Armen, can you confirm either way?
[1] https://wiki.mozilla.org/Security/Risk_management/Rapid_Risk_Assessment
Flags: needinfo?(armenzg)
|
|
Reporter | |
Comment 3•9 years ago
|
||
Yeah I completely agree with Ed. There should be a condition to block this on Pulse Actions. Should be a straightforward fix.
|
||
Comment 5•9 years ago
|
||
There's still a limitation in plce here: pulse_actions' scopes would prevent creation of an action task for any repo other than try (in particular, any non-level-1 repo)
https://tools.taskcluster.net/auth/clients/#project%252fateam%252fpulse_actions
assume:repo:hg.mozilla.org/try:*
auth:aws-s3:read-write:tc-gp-public-31d/ateam/pulse-action-dev/*
queue:create-task:*
queue:define-task:*
scheduler:create-task-graph
scheduler:extend-task-graph
but it would be good for pulse_actions to give a useful error back to the user rather than rely on the scopes to fail.
|
|
||
Comment 6•9 years ago
|
||
Ah so comment 1 really meant "an RRA is needed prior to adjusting the scopes being used by pulse_actions, which will be performed in a yet-to-be-filed bug that will be marked blocking this one" (or similar).
Glad to hear :-)
|
||
Comment 7•9 years ago
|
||
Fixed in the code as well in bug 1288092.
|
||
Comment 9•8 years ago
|
||
this is broken and now that SETA is enabled we are looking to turn it off *again*.
Do we need to do work in treeherder to fix this?
Flags: needinfo?(emorley)
|
|
||
Comment 10•8 years ago
|
||
Unofortunately I have no idea how most of this implementation is meant to work, whether it's currently working or what next steps are. Armen would be the one to speak to.
Flags: needinfo?(emorley)
|
|
Reporter | |
Comment 11•8 years ago
|
||
If I remember correctly, there was a UI check here to prevent non-try jobs from being added. https://github.com/mozilla/treeherder/blob/master/ui/js/models/resultsets_store.js#L338. I don't quite remember if I'd added anything on the TaskCluster side.
Of course, I don't know how relevant this is now.
|
|
||
Updated•7 years ago
|
Priority: -- → P3
|
|
||
Comment 12•7 years ago
|
||
This was fixed a while ago.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•