Closed Bug 1351060 Opened 7 years ago Closed 7 years ago

"Taskcluster: You do not have sufficient scopes. ..." when trying to manually add (trigger) a single job on try

Categories

(Taskcluster :: Services, defect)


Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mayhemer, Unassigned)

Details

Logged in as hbambas at mozilla.com, this used to work (not sure how long ago, a month or so..).

The whole message is:

Taskcluster: You do not have sufficient scopes. This request requires you to have one of the following sets of scopes:
[
  [
    "queue:create-task:aws-provisioner-v1/gecko-decision"
  ],
  [
    "queue:define-task:aws-provisioner-v1/gecko-decision",
    "queue:task-group-id:gecko-level-1/SSGabY1KTsq2_k_ov1W97w",
    "queue:schedule-task:gecko-level-1/SSGabY1KTsq2_k_ov1W97w/SSGabY1KTsq2_k_ov1W97w"
  ]
]

You only have the scopes:
[
  "assume:hook-id:garbage/*",
  "assume:mozilla-group:IntranetWiki",
  "assume:mozilla-group:StatsDashboard",
  "assume:mozilla-group:all-moco-mofo@mozilla.com",
  "assume:mozilla-group:all-moco@mozilla.com",
  "assume:mozilla-group:corp-contractors@mozilla.com",
  "assume:mozilla-group:corp-vpn",
  "assume:mozilla-group:eu-corp-contractors@mozilla.com",
  "assume:mozilla-group:eu@mozilla.com",
  "assume:mozilla-group:jduell-directs@mozilla.com",
  "assume:mozilla-group:okta_mfa",
  "assume:mozilla-group:phonebook_access",
  "assume:mozilla-group:team_moco",
  "assume:mozilla-group:vpn_cloudops_webpagetest",
  "assume:mozilla-group:vpn_corp",
  "assume:mozilla-group:vpn_default",
  "assume:mozilla-user:hbambas@mozilla.com",
  "assume:mozillians-user:mayhemer",
  "assume:project:taskcluster:tutorial",
  "assume:worker-id:*",
  "auth:create-client:mozilla-ldap/hbambas@mozilla.com/*",
  "auth:create-role:hook-id:garbage/*",
  "auth:delete-client:mozilla-ldap/hbambas@mozilla.com/*",
  "auth:delete-role:hook-id:garbage/*",
  "auth:reset-access-token:mozilla-ldap/hbambas@mozilla.com/*",
  "auth:update-client:mozilla-ldap/hbambas@mozilla.com/*",
  "auth:update-role:hook-id:garbage/*",
  "hooks:modify-hook:garbage/*",
  "hooks:trigger-hook:garbage/*",
  "queue:create-task:aws-provisioner-v1/b2gtest",
  "queue:create-task:aws-provisioner-v1/tutorial",
  "queue:get-artifact:private/*",
  "queue:rerun-task",
  "queue:resolve-task",
  "scheduler:create-task-graph",
  "scheduler:extend-task-graph",
  "secrets:get:garbage/*",
  "secrets:set:garbage/*"
]

In other words you are missing scopes from one of the options:
* Option 0:
  - "queue:create-task:aws-provisioner-v1/gecko-decision"
* Option 1:
  - "queue:define-task:aws-provisioner-v1/gecko-decision", and
  - "queue:task-group-id:gecko-level-1/SSGabY1KTsq2_k_ov1W97w", and
  - "queue:schedule-task:gecko-level-1/SSGabY1KTsq2_k_ov1W97w/SSGabY1KTsq2_k_ov1W97w"


Result: can't trigger jobs on try.  What do I have to do?
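
The scope check behind the error message above, as an added example that is not part of the original report and not Taskcluster's own code. It assumes a held scope ending in `*` covers every scope with that prefix, takes the "You only have" list as final (no role expansion), and uses hypothetical function names.

```javascript
// Added example, not Taskcluster's code. Function names are hypothetical.
// Assumption: a held scope ending in "*" covers any scope with that prefix.
function satisfies(heldScopes, requiredScope) {
  return heldScopes.some((h) =>
    h === requiredScope ||
    (h.endsWith('*') && requiredScope.startsWith(h.slice(0, -1))));
}

// For each option (inner array), list the required scopes the client lacks.
function missingPerOption(heldScopes, scopeSets) {
  return scopeSets.map((set) => set.filter((r) => !satisfies(heldScopes, r)));
}

// The request is allowed when at least one option has nothing missing.
function isAuthorized(heldScopes, scopeSets) {
  return missingPerOption(heldScopes, scopeSets).some((m) => m.length === 0);
}

// Required scope sets, copied from the error message in the report.
const requiredSets = [
  ['queue:create-task:aws-provisioner-v1/gecko-decision'],
  [
    'queue:define-task:aws-provisioner-v1/gecko-decision',
    'queue:task-group-id:gecko-level-1/SSGabY1KTsq2_k_ov1W97w',
    'queue:schedule-task:gecko-level-1/SSGabY1KTsq2_k_ov1W97w/SSGabY1KTsq2_k_ov1W97w',
  ],
];

// The queue: scopes from the "You only have" list in the report. The other
// held scopes start with different prefixes and cannot match a queue: scope.
const reportedScopes = [
  'queue:create-task:aws-provisioner-v1/b2gtest',
  'queue:create-task:aws-provisioner-v1/tutorial',
  'queue:get-artifact:private/*',
  'queue:rerun-task',
  'queue:resolve-task',
];

// Constructed for contrast (not from the report): a client that also holds
// a prefix scope covering the gecko-decision worker type.
const constructedScopes = reportedScopes.concat(
  ['queue:create-task:aws-provisioner-v1/gecko-*']);

console.log(isAuthorized(reportedScopes, requiredSets));    // false
console.log(missingPerOption(reportedScopes, requiredSets)); // every scope in both options
console.log(isAuthorized(constructedScopes, requiredSets)); // true
```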

It doesn't look like that account has commit privileges.  You'll need to log in with the account you use to commit with.

My commit access is bound to my Bugzilla email.  No idea how to log into Taskcluster with that.

Probably best would be to ask for commit rights for my LDAP-bound email.

It can't just be easy....

Commit access is governed by LDAP, so the account definitely exists in LDAP.  You may just need to figure out the password for it, through the forgotten-password process.

You might also consider just merging the two LDAP accounts?

(In reply to Dustin J. Mitchell [:dustin] from comment #3)
> Commit access is governed by LDAP, so the account definitely exists in LDAP.
> You may just need to figure out the password for it, through the
> forgotten-password process.

Will try.  It's nearly a 10-year-old account :)

> 
> You might also consider just merging the two LDAP accounts?

If that's possible, it might be the best option.

Thanks.

No problem.  I'm not an LDAP admin, so that's about all I can do for you :/

Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Component: Login → Services