Open
Bug 1591602
Opened 6 years ago
Updated 5 months ago
Assert roles have necessary scopes without running tasks
Categories
(Release Engineering :: General, enhancement)
Release Engineering
General
Tracking
(Not tracked)
NEW
People
(Reporter: mhentges, Unassigned)
Details
One source of production failures that we have in releng mobile is when we update the tasks and scopes required for a workflow, but forget to update the associated role in Taskcluster. When this happens, it can be rectified pretty easily (update the role, re-run the task, land role change in ci-configuration), but it would be great if we could programmatically verify that our workflow will have all the scopes it needs without actually running the production tasks.
Questions:
- We need a tool to assert that a role will provide all necessary scopes, but there's special wildcard logic that we need to handle properly. Is it possible to re-use the taskcluster scope-checking implementation?
- How do we want the interface for this to look? Would this be a command off of
taskgraph, or a standalone CLI?
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Updated•5 months ago
|
QA Contact: catlee
You need to log in
before you can comment on or make changes to this bug.
Description
•