Closed Bug 1305415 Opened 9 years ago Closed 9 years ago

New role creation for shipit project

Categories

(Taskcluster :: General, defect)

Product:
Taskcluster
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: bastien, Assigned: dustin)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0 Build ID: 20160728204513 Steps to reproduce: I'm working as a contractor on a project for the Release Management team under :Sylvestre & :garbas supervision. The project would need a new role (project:shipit:user) for its users. The users will need scopes to: * access bug analysis (project:shipit/analysis/*) * store & retrieve bugzilla credentials in TC secrets (project:shipit/bugzilla/* & secrets:get:project:shipit/bugzilla/* & secrets:set:project:shipit/bugzilla/* ) Actual results: I don't have the scope to create a new role on my account (persona/bastien@nextcairn.com) Expected results: I would need the necessary scope to create a new role, or a TC admin to create the role and add it my account.
Assignee: nobody → dustin
Sorry this took so long -- I was on a mobile device when you asked in irc, and then I missed the bug email :( I have created a new project role (project-admin:shipit) and given you that role: https://tools.taskcluster.net/auth/roles/#assume:mozillians-user:bastien.abadie Among other things, that gives you: secrets:{get,set}:project/shipit/* -- so you can manage the secrets auth:...-role:project:shipit:* -- so you can manage roles with the "project:shipit:" prefix and assign them whatever detailed scopes you would like project:shipit:* -- so you can grant that scope to roles as necessary Hopefully that's enough? Please let me know if you need more. Also, if you shouldn't be a project admin (and/or Garbas or Sylvestre should?) let me know and I can switch that up, too. We can also make members of LDAP and/or Mozillians groups project members or admins.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Thank you Dustin for your help. As the project has not reached production yet, i need the admin role to create & tweak roles. I'll let you know when Sylvestre should take over.
You need to log in before you can comment on or make changes to this bug.