Swarming bot can't fetch CIPD client when running a task with a service account |
||||||
Issue descriptionExample: https://chrome-swarming.appspot.com/task?id=367c4d515b71dc10&refresh=10&show_raw=1 It seems it sends "Authorization" header when accessing Google Storage signed URL (to download the client), and GS freaks out. It should not be sending the header.
,
Jun 2 2017
,
Jun 2 2017
swarming bot downloads CIPD client using cipd.py's _fetch_cipd_client https://cs.chromium.org/chromium/infra/luci/client/cipd.py?q=cipd.py+package:%5Echromium$&l=346 it uses net.py net.py specifically turns off authentication for GS URLs https://cs.chromium.org/chromium/src/tools/swarming_client/utils/net.py?q=net.py&dr&l=241 however, the underlying Engine may not have this logic. I could not find usages of set_engine_class. I assume it should be called to set an engine that supports service accounts.
,
Jun 2 2017
Looks like GS URL Regex is wrong https://codereview.chromium.org/2921943002
,
Jun 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/external/github.com/luci/luci-py.git/+/4b43f73977f9a432219b48f0e7548f2a6e3e2ab5 commit 4b43f73977f9a432219b48f0e7548f2a6e3e2ab5 Author: nodir <nodir@chromium.org> Date: Fri Jun 02 17:30:10 2017 Fix GS URL regex R=vadimsh@chromium.org Bug: 728723 Review-Url: https://codereview.chromium.org/2921943002 [modify] https://crrev.com/4b43f73977f9a432219b48f0e7548f2a6e3e2ab5/client/utils/net.py
,
Jun 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/external/github.com/luci/luci-py.git/+/4b43f73977f9a432219b48f0e7548f2a6e3e2ab5 commit 4b43f73977f9a432219b48f0e7548f2a6e3e2ab5 Author: nodir <nodir@chromium.org> Date: Fri Jun 02 17:30:10 2017 Fix GS URL regex R=vadimsh@chromium.org Bug: 728723 Review-Url: https://codereview.chromium.org/2921943002 [modify] https://crrev.com/4b43f73977f9a432219b48f0e7548f2a6e3e2ab5/client/utils/net.py
,
Jun 5 2017
I retried the task and it was successful: https://chrome-swarming.appspot.com/task?id=369141bcbd1cdb10&refresh=10&show_raw=1 Thanks!
,
Jun 5 2017
The retried task has "service account: none", so it's not using authentication and can't act as confirmation for the fix. I see that retrying tasks drops "service account" setting :(
,
Jun 5 2017
Oh, I did not notice that. Thanks for the catch. Reopening till we can confirm.
,
Jun 5 2017
Confirmed with https://chrome-swarming.appspot.com/task?id=3692e34e12bfca10&refresh=10&show_raw=1 Filed: https://bugs.chromium.org/p/chromium/issues/detail?id=729728 |
||||||
►
Sign in to add a comment |
||||||
Comment 1 by rmis...@google.com
, Jun 2 2017