Automatically update static clients on deployment
Categories
(Taskcluster :: Services, defect)
Tracking
(Not tracked)
People
(Reporter: dustin, Assigned: dustin)
References
Details
Static clients need to be updated in deployments.
We really shouldn't have to include this in our changelogs :)
Brian, what would be involved in fixing this?
Comment 1•5 years ago
|
||
iirc you would have to fix how helm merges configs. I believe it doesn't actually deep merge but rather overwrites everything inside default auth.static_clients
with whatever is in the dev-config.yml
. We need to put accessToken
in dev-config but the rest of this (e.g. scopes) should come from defaults.
Comment 2•5 years ago
|
||
You could also pre-process things or switch off helm but I liked it being just plain helm because it keeps us closest to what cloudops does
Assignee | ||
Comment 3•5 years ago
|
||
Maybe we could do that merging as part of the dev-deploy process (so dev-config has auth.static_client_tokens, and that gets merged into the default auth.static_clients). In fact, maybe we could generate the static clients's names and scopes dynamically based on metadata from each service..
Assignee | ||
Comment 4•5 years ago
|
||
You're right, it's hard :)
https://github.com/taskcluster/taskcluster/pull/1415 at least checks things..
Assignee | ||
Comment 5•5 years ago
|
||
Another thing we might do is just use * patterns for the Azure tables for each service.. at least for new tables. Like owlish did for worker (WM*
). That would at least reduce the churn on these scopes.
Assignee | ||
Comment 6•5 years ago
|
||
Another idea: don't allow anyone to specify scopes for static/taskcluster/*
clients, and bake those into the auth service using yarn generate
.
We can also include a link to a diff of the example dev config into the release notes.
Comment 7•5 years ago
|
||
Another idea: don't allow anyone to specify scopes for static/taskcluster/* clients, and bake those into the auth service using yarn generate.
We can also include a link to a diff of the example dev config into the release notes.
+1 this is great.
Assignee | ||
Comment 8•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Description
•