I want to create a client with appropriate scopes for bug 1282180. This client would be used with the amiyaguchi/nightly-fennec/mozilla-central hook. This new client for fennec nightlies should be able create the decision task and sign and upload build binaries from scriptworker, using mozilla-central as the base repository. In addition, this client should have access to a dummy signing worker. I currently have a worker that requires queue:create-task:scriptworker-prov-v1/dummy-worker-miya1. I think some form of the project/taskcluster/mozilla-taskcluster/staging client scopes with modifications would be appropriate for this hook. These are listed below: > assume:repo:hg.mozilla.org/* > assume:scheduler-id:task-graph-scheduler/* > queue:cancel-task > scheduler:create-task-graph The following scopes are required by the dummy signing script under scriptworker: > queue:create-task:scriptworker-prov-v1/dummy-worker-miya1 > project:releng:signing:cert:dep-signing scopes
It seems that this should have fewer repo scopes than * -- I assume nightlies are built from mozilla-central, so it seems that assume:repo:hg.mozilla.org/mozilla-central would be better. The scheduler- and queue-related scopes I will leave to Jonas's discretion. I imagine this client will not be cancelling anything, and won't be using the task-graph-scheduler, so I expect they are all not required.
Oh, and what would you like this client to be called? It may be best to create the client (project/releng/<something>) and then Jonas or I can add any required scopes to it which you don't possess.
Limiting it now and adding scopes as needed sounds good. I don't know what the minimum set of required scopes are for this project so I just listed a very broad set of them. There will probably be a few more additions for the balrog upload scriptworker too. I think project/releng/nightly-fennec/development would be a good name.
As this is for development and amiyaguchi isn't the releng LDAP group, we had to do personally assigned scopes.... Following role was created: https://tools.taskcluster.net/auth/roles/#mozilla-user:email@example.com @amiyaguchi, please remind us to clean this up some day, enjoy.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.