Closed
Bug 1496783
Opened 6 years ago
Closed 6 years ago
access to create secrets for Thunderbird builds
Categories
(Taskcluster :: Operations and Service Requests, task)
Taskcluster
Operations and Service Requests
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rjl, Unassigned)
Details
Attachments
(1 file)
I'm the new build engineer for Thunderbird, and I've been asked to set up new secrets in Taskcluster for our "upload-symbols" task. (bug 1461560) I don't have the necessary access to create new secrets where they need to go however. The secrets need to be at: secrets:get:project/comm/thunderbird/releng/build/level-1/gecko-symbol-upload secrets:get:project/comm/thunderbird/releng/build/level-3/gecko-symbol-upload And these are the secrets scopes that I have access to: secrets:get:garbage/* secrets:get:project/comm/thunderbird/releng/build/level-1/* secrets:get:project/releng/comm/build/level-1/* secrets:get:project/releng/gecko/build/level-1/* secrets:get:project/taskcluster/gecko/hgfingerprint secrets:set:garbage/* Tom Prince previously managed these secrets and can vouch for me. Thanks!
Comment 1•6 years ago
|
||
I've attached a patch which creates the role `project:releng:ci-group:thunderbird-releng`. :rjl will need to be granted that role. My initial thought was to create mozillians groups corresponding to that role, but it appears that only staff/NDA'd mozillians can be added to mozillian access groups. I think the easiest is to just add that directly to :rjl's clientID. :rjl What is your client id from https://tools.taskcluster.net/credentials
Comment 2•6 years ago
|
||
Reporter | ||
Comment 3•6 years ago
|
||
mozilla-auth0/ad|Mozilla-LDAP|thunderbird
Comment 4•6 years ago
|
||
So, we need to add `assume:project:releng:ci-group:thunderbird-releng` to a new role `login-identity:mozilla-auth0/ad|Mozilla-LDAP|thunderbird`.
Comment 5•6 years ago
|
||
https://tools.taskcluster.net/auth/roles/login-identity%3Amozilla-auth0%2Fad|Mozilla-LDAP|thunderbird
Reporter | ||
Comment 6•6 years ago
|
||
Working as expected. Thanks!
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•5 years ago
|
Component: Service Request → Operations and Service Requests
You need to log in
before you can comment on or make changes to this bug.
Description
•