unable to create useful tokens for tooltool
Categories
(Release Engineering :: General, enhancement)
Tracking
(Not tracked)
People
(Reporter: gbrown, Assigned: garbas)
Beginning about a month ago, I noticed I could no longer issue useful tokens on https://mozilla-releng.net/tokens/. I see these permissions:

- base.tokens.tmp.issue: Issue temporary tokens
- base.tokens.usr.issue: Issue user tokens
- base.tokens.usr.revoke.my: Revoke my user tokens
- base.tokens.usr.view.my: See my user tokens
- tooltool.download.public: Download PUBLIC files from tooltool

I have issued tokens for public and internal tooltool downloads and uploads in the past -- what happened to those permissions? I had thought bug 1471987 would help, but it didn't seem to.
Comment 1•5 years ago (Reporter)
:coop - Do you know what's happening here, or know who could investigate?
Comment 2•5 years ago
Redirecting to releng.
Comment 3•5 years ago (Assignee)
I'm looking into this, thank you for reporting.
Comment 4•5 years ago (Assignee)
This looks like a problem with the latest release of itsdangerous. https://github.com/pallets/itsdangerous/blob/master/CHANGES.rst
Probably pinning to 0.24 should fix it.
Comment 5•5 years ago (Reporter)
I don't see any change from the experience I described in comment 0.
Comment 6•5 years ago (Reporter)
(In reply to Geoff Brown [:gbrown] from comment #5)
> I don't see any change from the experience I described in comment 0.
Is there more to do here?
Comment 7•5 years ago (Assignee)
:gbrown
I can see that something is weird with tokens permissions.
Looks like it is configured properly[1] via ci-configuration, but configured scopes are not there[2]. I need to ask on #taskcluster what is happening here.
[1] https://hg.mozilla.org/build/ci-configuration/file/tip/grants.yml#l946
[2] https://tools.taskcluster.net/auth/roles/mozilla-group%3Ateam_moco
Comment 8•5 years ago (Assignee)
:gbrown I finally managed to apply the roles/scopes to the correct groups. Being in team_moco, you should now be able to also download private things from tooltool.
Regarding uploading (public and private): was this granted to you personally before, or to a team you are part of? I migrated all of the ACL mappings that I could find from the previous setup.
If this permission was added to you personally, then we need to add you to the vpn_tooltooleditor LDAP group.
Comment 9•5 years ago (Reporter)
Thanks! From bug 1145718, it looks like I asked to be added to vpn_tooltooleditors, back in 2015.
Comment 10•5 years ago (Assignee)
:gbrown OK, then I think this looks like it is done. And of course, please reopen if private download/upload still doesn't work.