Closed Bug 1535366 Opened 6 years ago Closed 6 years ago

login scanner not running

Categories

(Taskcluster :: Services, defect)

Product:
Taskcluster
Component:
Services
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: dustin, Assigned: owlish)

Details

{
  "EnvVersion": "2.0",
  "Fields": {
    "message": "handler.identityFromClientId is not a function",
    "name": "TypeError",
    "stack": "TypeError: handler.identityFromClientId is not a function\n    at scan (/app/services/login/src/scanner.js:48:46)\n    at process._tickCallback (internal/process/next_tick.js:68:7)",
    "v": 1
  },
  "Hostname": "1fcb865e-a3b8-4554-9893-64657fe5d23e",
  "Logger": "taskcluster.login.root",
  "Pid": 10,
  "Severity": 3,
  "Timestamp": 1552581357963000000,
  "Type": "monitor.error",
  "message": "TypeError: handler.identityFromClientId is not a function\n    at scan (/app/services/login/src/scanner.js:48:46)\n    at process._tickCallback (internal/process/next_tick.js:68:7)",
  "serviceContext": {
    "service": "login"
  },
  "severity": "ERROR"
}
Assignee: nobody → bugzeeeeee
Status: NEW → ASSIGNED

FYI, I ran the scanner in heroku with

heroku run -a taskcluster-login scanner

mm, I'm not sure how to parse that information :) Let me start with questions: what is this scanner and what does it do? I thought functions in that module are used as a part of routine operation of taskcluster-login. Your comment seems to hint that it's a utility of some sort, to be ran by hand? Do you mean I should run it by hand to test?

I did run that command, and I only see Running scanner on ⬢ taskcluster-login... up, run.8804 (Standard-1X) <--- not sure what that means :) Is it still broken?

It's run in a daily crontask, and scans all permaclients created by users, checking each client's scopes against the scopes the user should have. If the client has more scopes than the user, then the scanner disables the client. The idea is that if a user is a member of some powerful group, creates a client using scopes granted to that group, and is then removed from the group, then they should no longer be able to use the client, either.

Heroku runs it daily for us, but comment 2 is just a shorthand way to run it right away. It took a while (10s of seconds) to start up for me when I ran it. I don't know how much it logs while it's running, in this new world of structured logging..

Ran the command, didn't see any errors

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.