Closed Bug 1461579 Opened 7 years ago Closed 7 years ago

Cannot execute rerun/cancel from Taskcluster-CLI

Categories

(Taskcluster :: Services, enhancement)

Product:
Taskcluster
Component:
Services
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: rmutter, Unassigned)

Details

Hello, After hacking a bit into TaskCluster-CLI repo, I've tried to cancel/rerun a task via prompt but it seems like it returned a 401 HTTP response code. Talked with :sfraser and compared our scopes, seems like the only difference is the team we are part of. Here's a pastebin of the returned error: https://pastebin.mozilla.org/9085441 . Can anyone check out my scopes/add needed scopes? Thank you!
Flags: needinfo?(wcosta)
Flags: needinfo?(jopsen)
:jonasfj, I could confirm his client ID has the right scopes, but he is getting 401 from queue, do you have any idea what might be happening? Also, I tested locally and it works for me.
Flags: needinfo?(wcosta)
Pastebin contents: --- ./taskcluster task cancel egP4XLYpTNKOcOAxKbC3DA Scraping ping URLs from https://references.taskcluster.net/manifest.json Writing cache file /home/roland.mutter/.cache/taskcluster/taskcluster-cli/cmds/status/pingURLs.json (Permanent) HTTP response code 401 HTTP/1.1 401 Unauthorized Content-Length: 382 Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,Accept,Origin Access-Control-Allow-Methods: OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,CONNECT Access-Control-Allow-Origin: * Access-Control-Max-Age: 900 Access-Control-Request-Method: * Cache-Control: no-store no-cache must-revalidate Connection: keep-alive Content-Security-Policy: report-uri /__cspreport__;default-src 'none';frame-ancestors 'none'; Content-Type: application/json; charset=utf-8 Date: Tue, 15 May 2018 06:45:23 GMT Etag: W/"17e-jEvrfChIMSwkoPO+MfzlHPHxD3Q" Server: Cowboy Strict-Transport-Security: max-age=7776000000; includeSubDomains Via: 1.1 vegur Www-Authenticate: hawk X-Content-Type-Options: nosniff { "code": "AuthenticationFailed", "message": "Bad Request: Bad attribute value: id\n----\nmethod: cancelTask\nerrorCode: AuthenticationFailed\nstatusCode: 401\ntime: 2018-05-15T06:45:23.039Z", "requestInfo": { "method": "cancelTask", "params": { "taskId": "egP4XLYpTNKOcOAxKbC3DA" }, "payload": {}, "time": "2018-05-15T06:45:23.039Z" } } Error: could not cancel the task egP4XLYpTNKOcOAxKbC3DA: (Permanent) HTTP response code 401 HTTP/1.1 401 Unauthorized Content-Length: 382 Access-Control-Allow-Headers: X-Requested-With,Content-Type,Authorization,Accept,Origin Access-Control-Allow-Methods: OPTIONS,GET,HEAD,POST,PUT,DELETE,TRACE,CONNECT Access-Control-Allow-Origin: * Access-Control-Max-Age: 900 Access-Control-Request-Method: * Cache-Control: no-store no-cache must-revalidate Connection: keep-alive Content-Security-Policy: report-uri /__cspreport__;default-src 'none';frame-ancestors 'none'; Content-Type: application/json; charset=utf-8 Date: Tue, 15 May 2018 06:45:23 GMT Etag: W/"17e-jEvrfChIMSwkoPO+MfzlHPHxD3Q" Server: Cowboy Strict-Transport-Security: max-age=7776000000; includeSubDomains Via: 1.1 vegur Www-Authenticate: hawk X-Content-Type-Options: nosniff { "code": "AuthenticationFailed", "message": "Bad Request: Bad attribute value: id\n----\nmethod: cancelTask\nerrorCode: AuthenticationFailed\nstatusCode: 401\ntime: 2018-05-15T06:45:23.039Z", "requestInfo": { "method": "cancelTask", "params": { "taskId": "egP4XLYpTNKOcOAxKbC3DA" }, "payload": {}, "time": "2018-05-15T06:45:23.039Z" } } Usage: taskcluster task cancel <taskId> [flags] --- What clientId are you using? It's not a matter of scopes -- your Hawk header is malformed somehow ("Bad attribute value: id"). That comes from the Hawk library itself in https://github.com/hueniverse/hawk/blob/e661c4d2c7da1ab4c27b60842292c1a7f5a2a65c/lib/utils.js#L158 Since you were hacking on the taskcluster-cli repo, I wonder if you did something to change the authentication process?
Flags: needinfo?(jopsen)
Haven't touched anything related to that. Was working on https://github.com/taskcluster/taskcluster-cli/issues/188 trying to add --noop. Tried to cancel/rerun with default repo as well
Flags: needinfo?(jopsen)
What clientId are you using?
Flags: needinfo?(jopsen)
'mozilla-auth0/ad|Mozilla-LDAP|rmutter/cli'
OK, I can reproduce this with a high-ascii character in my clientId: dustin@jemison ~ $ TASKCLUSTER_CLIENT_ID='mozilla-auth0/ad|Mozilla-LDAP|dmitchell/cliü' dustin@jemison ~ $ taskcluster task cancel egP4XLYpTNKOcOAxKbC3DA (Permanent) HTTP response code 401 ... yet, the clientId you just pasted does not contain such characters, and in fact satisfies the regexp in the hawk source file I linked earlier: > r = /^[ \w\!#\$%&'\(\)\*\+,\-\.\/\:;<\=>\?@\[\]\^`\{\|\}~]+$/; /^[ \w\!#\$%&'\(\)\*\+,\-\.\/\:;<\=>\?@\[\]\^`\{\|\}~]+$/ > r.test('mozilla-auth0/ad|Mozilla-LDAP|rmutter/cli'); true How are you setting the clientId? Is there a different clientId defined in the taskcluster-cli configuration file?
./taskcluster signin , creating the new client after UI opens up then copy pasting the CLIENT ID and ACCESS TOKEN into console
Do you have anything in `~/.config/taskcluster.yml`?
I don't have a taskcluster.yml in my home/.config folder .
Got one in /taskcluster-cli folder
We had a brief Vidyo chat, and the issue was not copy/pasting the `export` part of the lines, so TASKCLUSTER_CLIENT_ID wasn't being exported. I think the result was using an empty string as clientId, but with a value for accessToken. I filed https://github.com/taskcluster/taskcluster-cli/issues/191 to give better error messages about this situation, but the immediate issue is clear, and Roland can continue his work.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Component: Authentication → Services
You need to log in before you can comment on or make changes to this bug.