"Taskcluster: You do not have sufficient scopes. ..." when trying to manually add (trigger) a single job on try

RESOLVED FIXED

Status

Taskcluster
Login

People

(Reporter: mayhemer, Unassigned)

(Reporter)

Description

a year ago
Logged in as hbambas at mozilla.com, this used to work (not sure how long ago, a month or so..).

The whole message is:

Taskcluster: You do not have sufficient scopes. This request requires you to have one of the following sets of scopes:

[
  [
    "queue:create-task:aws-provisioner-v1/gecko-decision"
  ],
  [
    "queue:define-task:aws-provisioner-v1/gecko-decision",
    "queue:task-group-id:gecko-level-1/SSGabY1KTsq2_k_ov1W97w",
    "queue:schedule-task:gecko-level-1/SSGabY1KTsq2_k_ov1W97w/SSGabY1KTsq2_k_ov1W97w"
  ]
]

You only have the scopes:

[
  "assume:hook-id:garbage/*",
  "assume:mozilla-group:IntranetWiki",
  "assume:mozilla-group:StatsDashboard",
  "assume:mozilla-group:all-moco-mofo@mozilla.com",
  "assume:mozilla-group:all-moco@mozilla.com",
  "assume:mozilla-group:corp-contractors@mozilla.com",
  "assume:mozilla-group:corp-vpn",
  "assume:mozilla-group:eu-corp-contractors@mozilla.com",
  "assume:mozilla-group:eu@mozilla.com",
  "assume:mozilla-group:jduell-directs@mozilla.com",
  "assume:mozilla-group:okta_mfa",
  "assume:mozilla-group:phonebook_access",
  "assume:mozilla-group:team_moco",
  "assume:mozilla-group:vpn_cloudops_webpagetest",
  "assume:mozilla-group:vpn_corp",
  "assume:mozilla-group:vpn_default",
  "assume:mozilla-user:hbambas@mozilla.com",
  "assume:mozillians-user:mayhemer",
  "assume:project:taskcluster:tutorial",
  "assume:worker-id:*",
  "auth:create-client:mozilla-ldap/hbambas@mozilla.com/*",
  "auth:create-role:hook-id:garbage/*",
  "auth:delete-client:mozilla-ldap/hbambas@mozilla.com/*",
  "auth:delete-role:hook-id:garbage/*",
  "auth:reset-access-token:mozilla-ldap/hbambas@mozilla.com/*",
  "auth:update-client:mozilla-ldap/hbambas@mozilla.com/*",
  "auth:update-role:hook-id:garbage/*",
  "hooks:modify-hook:garbage/*",
  "hooks:trigger-hook:garbage/*",
  "queue:create-task:aws-provisioner-v1/b2gtest",
  "queue:create-task:aws-provisioner-v1/tutorial",
  "queue:get-artifact:private/*",
  "queue:rerun-task",
  "queue:resolve-task",
  "scheduler:create-task-graph",
  "scheduler:extend-task-graph",
  "secrets:get:garbage/*",
  "secrets:set:garbage/*"
]

In other words you are missing scopes from one of the options:

* Option 0:
  - "queue:create-task:aws-provisioner-v1/gecko-decision"
* Option 1:
  - "queue:define-task:aws-provisioner-v1/gecko-decision", and
  - "queue:task-group-id:gecko-level-1/SSGabY1KTsq2_k_ov1W97w", and
  - "queue:schedule-task:gecko-level-1/SSGabY1KTsq2_k_ov1W97w/SSGabY1KTsq2_k_ov1W97w"


Result: can't trigger jobs on try.  What do I have to do?
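
How the error message above arrives at "Option 0" and "Option 1", as an added example that is not part of the original report and not Taskcluster's own code: the requirement is a list of alternative scope sets, and a held scope ending in `*` covers any required scope with that prefix. The function names, the `held` subset and the star-suffixed scope are assumptions made for illustration; no role expansion of `assume:` scopes is performed.

```javascript
// Added illustration, not Taskcluster's implementation. Assumes the scopes
// listed under "You only have the scopes" are already fully expanded.

// A held scope satisfies a required one if the two are equal, or if the held
// scope ends in "*" and the required scope starts with everything before it.
function satisfies(held, required) {
  if (held === required) return true;
  return held.endsWith('*') && required.startsWith(held.slice(0, -1));
}

// `required` is a list of options (any one is enough); each option is a list
// of scopes (all are needed). Returns, per option, the unsatisfied scopes.
function missingPerOption(held, required) {
  return required.map(option =>
    option.filter(req => !held.some(h => satisfies(h, req))));
}

// Authorized when at least one option has nothing missing.
function isAuthorized(held, required) {
  return missingPerOption(held, required).some(m => m.length === 0);
}

// Requirement copied from the error message.
const TG = 'SSGabY1KTsq2_k_ov1W97w';
const required = [
  ['queue:create-task:aws-provisioner-v1/gecko-decision'],
  [
    'queue:define-task:aws-provisioner-v1/gecko-decision',
    `queue:task-group-id:gecko-level-1/${TG}`,
    `queue:schedule-task:gecko-level-1/${TG}/${TG}`,
  ],
];

// The queue-related subset of the scopes the message lists as held.
const held = [
  'assume:worker-id:*',
  'queue:create-task:aws-provisioner-v1/b2gtest',
  'queue:create-task:aws-provisioner-v1/tutorial',
  'queue:get-artifact:private/*',
  'queue:rerun-task',
  'queue:resolve-task',
];

// Constructed for contrast: a hypothetical client with a star-suffixed scope.
const heldWithStar = held.concat(['queue:create-task:aws-provisioner-v1/gecko-*']);

console.log(missingPerOption(held, required));   // every scope in both options
console.log(isAuthorized(held, required));       // false
console.log(isAuthorized(heldWithStar, required)); // true, via option 0
```
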

Comment 1

It doesn't look like that account has commit privileges.  You'll need to log in with the account you use to commit with.
(Reporter)

Comment 2

a year ago
My commit access is bound to my bugzilla email.  No idea how to log into Taskcluster with that.

Probably best would be to ask for commit rights for my LDAP bound email.

It can't just be easy....

Comment 3

Commit access is governed by LDAP, so the account definitely exists in LDAP.  You may just need to figure out the password for it, through the forgotten-password process.

You might also consider just merging the two LDAP accounts?
(Reporter)

Comment 4

a year ago
(In reply to Dustin J. Mitchell [:dustin] from comment #3)
> Commit access is governed by LDAP, so the account definitely exists in LDAP.
> You may just need to figure out the password for it, through the
> forgotten-password process.

Will try.  It's nearly a 10-year-old account :)

> 
> You might also consider just merging the two LDAP accounts?

If that's possible, it might be the best option.

Thanks.

Comment 5

No problem.  I'm not an LDAP admin, so that's about all I can do for you :/
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED