Closed Bug 1505836 Opened 6 years ago Closed 5 years ago

unable to create useful tokens for tooltool

Categories

(Release Engineering :: General, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: gbrown, Assigned: garbas)

References

Details

Beginning about a month ago, I noticed I could no longer issue useful tokens on https://mozilla-releng.net/tokens/. 

I see these permissions:

base.tokens.tmp.issue 	Issue temporary tokens
base.tokens.usr.issue 	Issue user tokens
base.tokens.usr.revoke.my 	Revoke my user tokens
base.tokens.usr.view.my 	See my user tokens
tooltool.download.public 	Download PUBLIC files from tooltool

I have issued tokens for public and internal tooltool downloads and uploads in the past -- what happened to those permissions?

I had thought bug 1471987 would help, but it didn't seem to.
:coop - Do you know what's happening here, or know who could investigate?
Flags: needinfo?(coop)
Redirecting to releng.
Component: Service Request → Applications: ToolTool
Flags: needinfo?(coop)
Product: Taskcluster → Release Engineering
QA Contact: rgarbas
Flags: needinfo?(rgarbas)
I'm looking into this, thank you for reporting
Flags: needinfo?(rgarbas)
Assignee: nobody → rgarbas

This looks a problem with latest release of itsdangerous. https://github.com/pallets/itsdangerous/blob/master/CHANGES.rst
Probably pinning to 0.24 should fix it.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED

I don't see any change from the experience I described in comment 0.

(In reply to Geoff Brown [:gbrown] from comment #5)

I don't see any change from the experience I described in comment 0.

Is there more to do here?

Flags: needinfo?(rgarbas)

:gbrown

I can see that something is weird with tokens permissions.

Looks like it is configured properly[1] via ci-configuration, but configured scopes are not there[2]. I need to ask on #taskcluster what is happening here.

[1] https://hg.mozilla.org/build/ci-configuration/file/tip/grants.yml#l946
[2] https://tools.taskcluster.net/auth/roles/mozilla-group%3Ateam_moco

Status: RESOLVED → REOPENED
Resolution: FIXED → ---

:gbrown i finally managed to apply the roles/scopes to correct groups. being in team_moco you should now able to also download private things from tooltool.

regarding uploading (public and private) was this before granted to you personally or to a team you are part of. I migrated all of the ACL mappings that i could find from previous setup.

if this permission was added to you personally then we need to add you to the vpn_tooltooleditor ldap group.

Flags: needinfo?(rgarbas) → needinfo?(gbrown)

Thanks! From bug 1145718, it looks like I asked to be added to vpn_tooltooleditors, back in 2015.

Flags: needinfo?(gbrown)

:gbrown ok then i think this looks like it is done. and ofcourse please reopen if private download/upload still doesn't work.

Status: REOPENED → RESOLVED
Closed: 5 years ago5 years ago
Resolution: --- → FIXED
Component: Applications: ToolTool → General
You need to log in before you can comment on or make changes to this bug.