Closed Bug 1290556 Opened 8 years ago Closed 8 years ago

Upload private symbols from @intel.com uploaders

Categories

(Socorro :: General, task)

Product:
Socorro
Component:
General
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: peterbe, Unassigned)

Details

Summary says it all :)

Up until now we've only had one exception and the code only allowed for 1. That was for a specific adobe.com email address going into org.mozilla.crash-stats.symbols-private.

The config now supports a comma separated list of `pattern:bucketname, ...`

I believe this config is the one we need it set:

consulate kv set socorro/webapp-django/SYMBOLS_BUCKET_EXCEPTIONS "*@adobe.com:org.mozilla.crash-stats.symbols-private *@intel.com:org.mozilla.crash-stats.symbols-private"
Ted, does that make sense to you? (Ignore some of the details). 

Basically, this::

  "*@adobe.com:org.mozilla.crash-stats.symbols-private *@intel.com:org.mozilla.crash-stats.symbols-private"

There isn't a specific Intel symbols bucket is there?
Flags: needinfo?(ted)
No, putting them both in the private symbols bucket should be fine. You said "comma separated list", but your example shows space-separated.
Flags: needinfo?(ted)
Ok. I've run this now::

[centos@prod-admin-i-ecb76837 ~]$ consulate kv set socorro/webapp-django/SYMBOLS_BUCKET_EXCEPTIONS "*@adobe.com:org.mozilla.crash-stats.symbols-private *@intel.com:org.mozilla.crash-stats.symbols-private tmielczarek@mozilla.com:org.mozilla.crash-stats.symbols-private"


Ted will test that the configuration takes effect correctly by doing an uploading using an auth-token (or web upload) under tmielczarek@mozilla.com.

If that works, I'll run it again and remove the tmielczarek@mozilla.com part.
Also, I don't know if you missed my comment, but in comment 0 you said "comma separated list", but your examples in comment 1 and comment 3 are space separated.
Thanks Ted for doing my job for me! :) Yes, it's supposed to be comma separated [0].
Also, I noticed that the way the code [1] works, if you STILL have SYMBOLS_BUCKET_EXCEPTIONS_USER and SYMBOLS_BUCKET_EXCEPTIONS_BUCKET that overrides anything else. :(
And we're still actively using that for the adobe hook-up. 

So I've taken care of that by deleting the old settings and setting the one new setting with commas. Now, when I print what Django picks up it seems to have worked as expected::

(socorro-virtualenv)[centos@prod-admin-i-ecb76837 webapp-django]$ envconsul -prefix socorro/common -prefix socorro/webapp-django python debugsettings-peterbe.py
SYMBOLS_BUCKET_EXCEPTIONS
{u'*@adobe.com': u'org.mozilla.crash-stats.symbols-private',
 u'*@intel.com': u'org.mozilla.crash-stats.symbols-private',
 u'tmielczarek@mozilla.com': u'org.mozilla.crash-stats.symbols-private'}


[0] https://github.com/mozilla/socorro/blob/be6a64db9a296c6fdbf335e5dc547bbd28698776/webapp-django/crashstats/settings/base.py#L636
[1] https://github.com/mozilla/socorro/blob/be6a64db9a296c6fdbf335e5dc547bbd28698776/webapp-django/crashstats/settings/base.py#L641-L657
I reuploaded that same symbols.zip and it looks like it has been properly placed in the private bucket:
https://crash-stats.mozilla.com/api/UploadedSymbols/?end_date=2016-08-16&start_date=2016-08-14&user_search=tmielczarek%40mozilla.com
Depends on: 1295154
I have for the moment undone the permission. Lonnen will follow up with a bug blockage about this. 
There's a more important discussion to be had about if the owners of the symbols understand how it gets used and exposed.
No longer depends on: 1295154
Sorry. The specific conversion about ACLs is in https://bugzilla.mozilla.org/show_bug.cgi?id=1290534
The functionality of directing *@intel.com uploads to private is done.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.