New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 727768 link

Starred by 1 user
Status: Fixed
Owner:
aga...@chromium.org
Closed: May 2017
Cc:
wrengr@chromium.org
kateso...@chromium.org
mbarbe...@chromium.org
infe...@chromium.org
st...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Blocking:
issue 727801



Sign in to add a comment

Grant Predator access to https://chrome-internal.googlesource.com/chrome/tools/buildspec.git/

Project Member Reported by kateso...@chromium.org, May 30 2017 
When analyzing Chrome crashes of official builds like cananry/dev/beta/stable release builds, Predator app needs to grab the DEPS for those builds in https://chrome-internal.googlesource.com/chrome/tools/buildspec.git/.

Recently, Predator has been separated from Findit and is a stand alone service, as https://predator-for-me.appspot.com (We used to be part of Findit project on googleplex, as https://findit-for-me.googleplex.com, old bug from granting access is https://bugs.chromium.org/p/chromium/issues/detail?id=607244)

And the Appengine service account is:
predator-for-me@appspot.gserviceaccount.com

Comment 1 by kateso...@chromium.org, May 30 2017

Owner: aga...@chromium.org
Status: Assigned (was: Available)
agable@, do you mind helping grant Predator service account predator-for-me@appspot.gserviceaccount.com read-only access to https://chrome-internal.googlesource.com/chrome/tools/buildspec.git/?

Assigned this bug to you because you are the Git admin sheriff today.
Thanks for your help in advance!

Comment 2 by kateso...@chromium.org, May 30 2017 

Please also grant Predator staging service account predator-for-me-staging@appspot.gserviceaccount.com read-only access, thanks

Comment 3 by st...@chromium.org, May 30 2017 

After migrating Predator from findit-for-me.googleplex.com to the new appspot app, we should also revoke the same permission granted to the googleplex account.
@katesonia, please confirm whether we could revoke the permission now or file a separate bug for that.

Comment 4 by kateso...@chromium.org, May 30 2017

Blocking: 727801

Comment 5 by aga...@chromium.org, May 30 2017

Components: Infra>Git>Admin

Comment 6 by aga...@chromium.org, May 30 2017

Status: Fixed (was: Assigned)
Done. Also revoked access for "findit-for-me@appspot.gserviceaccount.com", which stgao@ and katesonia@ confirmed was not being used. Access for "findit-for-me.google.com@appspot.gserviceaccount.com" will be revoked in the followup bug.

Comment 7 by kateso...@chromium.org, May 30 2017 

It seems that the 403 errors still occur in "predator-for-me" after adding authentication scope - https://www.googleapis.com/auth/gerritcodereview

Request to https://chrome-internal.googlesource.com/chrome/tools/buildspec.git/+/master/releases/60.0.3112.4/DEPS?format=text resulted in 403, headers:[["strict-transport-security", "max-age=31536000; includeSubDomains; preload"], ["x-content-type-options", "nosniff"], ["transfer-encoding", "chunked"], ["expires", "Mon, 01 Jan 1990 00:00:00 GMT"], ["server", "GSE"], ["x-xss-protection", "1; mode=block"], ["pragma", "no-cache"], ["cache-control", "no-cache, no-store, max-age=0, must-revalidate"], ["date", "Tue, 30 May 2017 23:15:51 GMT"], ["x-frame-options", "SAMEORIGIN"], ["alt-svc", "quic=\":443\"; ma=2592000; v=\"38,37,36,35\""], ["content-type", "text/html; charset=UTF-8"]] (/base/data/home/apps/s~predator-for-me/backend-process:katesonia.401629179548451088/first_party/gae_libs/http/http_client_appengine.py:65)

Sign in to add a comment