Closed Bug 1632037 Opened 5 years ago Closed 2 years ago

Switch ci-admin to enumerating unmanaged resource patterns, instead of managed ones.

Categories

(Release Engineering :: Firefox-CI Administration, enhancement)

Product:
Release Engineering
Component:
Firefox-CI Administration
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: tomprince, Unassigned)

Details

We generally want to manage all resources in the firefox-ci cluster with ci-admin. There are some exceptions:

  • In Bug 1632009, we ignore clients that start with static/taskcluster (defined by taskcluster) and mozilla-auth0/ (which are tied to a user)
  • we historically allowed hooks and secrets with the garbage/ prefix (though it appears we no longer grant scopes for those)

The common feature of those is that the resource we don't want to manage are easier to specify that what we don't[1] want to manage, than what we do.

This might also make it easier to carve out some resource space on staging that is not managed by automation. If we do that, there are probably a few things we should consider:

  • people may want to use ci-admin with a local config to manage resources
  • we may want some way of automatically cleaning up resources there after a period of time.

[1] We fall back to enumerating a bunch that we do manage in places, but the list there is an exhaustive list of the role prefxies that exist.

Status: NEW → RESOLVED
Closed: 2 years ago
QA Contact: mgoossens
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.