Closed Bug 1375156 Opened 8 years ago Closed 6 years ago

[generic-worker] Support reading workerType secrets from taskcluster-secrets service

Categories

(Taskcluster :: Workers, enhancement)

Product:
Taskcluster
Component:
Workers
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: pmoore, Assigned: pmoore)

References

Details

Currently generic worker reads its (confidential) worker type configuration from the "secrets" portion of its worker type definition. In order to support bug 1375155 in making worker type definitions public information, generic-worker will need to be able to get secrets from the taskcluster-secrets service instead. This bug is about adding support for this in generic-worker.
Blocks: 1375157
Note, initially it should continue to support the old mechanics of using worker type secrets, to ease roll out. The later we'll disable it in the worker, once all worker types have been migrated to use it.
No longer blocks: 1375155
Summary: Support reading workerType secrets from taskcluster-secrets service → [generic-worker] Support reading workerType secrets from taskcluster-secrets service
Blocks: 1375176
QA Contact: pmoore
Component: Generic-Worker → Workers

Note, the implementation for this bug is a simple relocation of secret config/files from worker type definitions into a taskcluster secret named worker-type:aws-provisioner-v1/<workerType>.

Bug 1437464 offers a more comprehensive solution, but that will be more work to implement, so a simple relocation of secret content is all that will be done for the first pass, which is the purpose of this bug.

See Also: → 1246620
See Also: 12466201437464

This was implemented in bug 1375200.

Assignee: nobody → pmoore
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Blocks: 1527613
You need to log in before you can comment on or make changes to this bug.