Closed Bug 1488766 Opened 6 years ago Closed 6 years ago

retrigger-decision hook needs more scopes

Categories

(Firefox Build System :: Task Configuration, enhancement)

Product:
Firefox Build System
Component:
Task Configuration
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dustin, Assigned: dustin)

References

Details

Attachments

(3 files)

Bug 1488766: also substitute {hgmo_path}
46 bytes, text/x-phabricator-request
tomprince
: review+
Details | Review
Bug 1488766: improve error handling for malformed grants.yml
46 bytes, text/x-phabricator-request
tomprince
: review+
Details | Review
Bug 1488766: add scopes for retrigger-decision action
46 bytes, text/x-phabricator-request
tomprince
: review+
Callek
: review+
Details | Review
https://tools.taskcluster.net/groups/St8FfZMJTYO7PDZnzVx5sA/tasks/CujE-vTJTVmAg918WJgbPg/runs/0/logs/public%2Flogs%2Flive.log [task 2018-09-05T13:51:54.435Z] Creating task with taskId AauekzJxTPGVyLVX_eOjpw for Gecko Decision Task [task 2018-09-05T13:51:54.608Z] You do not have sufficient scopes. You are missing the following scopes: [task 2018-09-05T13:51:54.608Z] [task 2018-09-05T13:51:54.608Z] ``` [task 2018-09-05T13:51:54.608Z] { [task 2018-09-05T13:51:54.608Z] "AllOf": [ [task 2018-09-05T13:51:54.608Z] "assume:repo:hg.mozilla.org/integration/mozilla-inbound:branch:default", [task 2018-09-05T13:51:54.608Z] "in-tree:hook-action:project-gecko/in-tree-action-3-*" [task 2018-09-05T13:51:54.608Z] ] [task 2018-09-05T13:51:54.608Z] } [task 2018-09-05T13:51:54.608Z] ```
I think we want something like - grant: - assume:repo:hg.mozilla.org/{hgmo_path}:branch:default - in-tree:hook-action:project-gecko/in-tree-action-{level}-* to: project: feature: gecko-actions job: action:retrigger-decision (hgmo_path isn't supported yet, but adding support is easy)
I'm concerned about the impacts of this change. But it's just a gut feeling -- I can't figure out why. What could go wrong here?
Diffs look like @@ -146030,16 +146220,26 @@ Role=repo:hg.mozilla.org/releases/comm-esr52:*: - secrets:get:project/taskcluster/gecko/build/level-3/* - secrets:get:project/taskcluster/gecko/hgfingerprint - worker:cache:level-1-* - worker:privileged:manual-packet/tc-worker-docker-v0 - worker:privileged:terraform-packet/tc-worker-docker-v1 - worker:privileged:terraform-packet/tc-worker-docker-v1-* - worker:relengapi-proxy:tooltool.download.internal - worker:relengapi-proxy:tooltool.download.public + + Role=repo:hg.mozilla.org/releases/comm-esr52:action:retrigger-decision: + roleId: repo:hg.mozilla.org/releases/comm-esr52:action:retrigger-decision + description: + *DO NOT EDIT* - This resource is configured automatically by [ci-admin](https://hg.mozilla.org/build/ci-admin). + + Scopes in this role are defined in [https://hg.mozilla.org/build/ci-configuration/file/tip/grants.yml](ci-configuration/grants.yml). + scopes: + - assume:repo:hg.mozilla.org/releases/comm-esr52:branch:default + - in-tree:hook-action:project-gecko/in-tree-action-3-*
Comment on attachment 9006949 [details] Bug 1488766: also substitute {hgmo_path} Tom Prince [:tomprince] has approved the revision.
Attachment #9006949 - Flags: review+
Comment on attachment 9006956 [details] Bug 1488766: improve error handling for malformed grants.yml Tom Prince [:tomprince] has approved the revision.
Attachment #9006956 - Flags: review+
Comment on attachment 9006958 [details] Bug 1488766: add scopes for retrigger-decision action Tom Prince [:tomprince] has approved the revision.
Attachment #9006958 - Flags: review+
Comment on attachment 9006958 [details] Bug 1488766: add scopes for retrigger-decision action Justin Wood (:Callek) has approved the revision.
Attachment #9006958 - Flags: review+
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: