New issue
Advanced search Search tips

Issue 731847 link

Starred by 1 user
Status: Fixed
Owner:
vadimsh@chromium.org
Closed: Aug 2017
Cc:
vadimsh@chromium.org
mar...@chromium.org
Components:
EstimatedDays: 3
NextAction: ----
OS: ----
Pri: 1
Type: Feature

Blocked on:
issue 731843
Blocking:
issue 712444
issue 731849
issue 731852
issue 731854



Sign in to add a comment

Make swarming server request service account tokens from luci-token-server

Project Member Reported by efoo@chromium.org, Jun 9 2017 
LUCI Milestone Planning task for swarming service accounts to add swarming server request tokens from luci-token-server

End goal is to be able to declare a service account in a builder and read an access token in a recipe.

vadimsh CC'ed to fill in the implementation details

Comment 1 by efoo@chromium.org, Jun 9 2017

Blocking: 731849

Comment 2 by efoo@chromium.org, Jun 9 2017

Blockedon: 731852

Comment 3 by efoo@chromium.org, Jun 9 2017

Blockedon: 731853

Comment 4 by efoo@chromium.org, Jun 9 2017

Blocking: 731853

Comment 5 by efoo@chromium.org, Jun 9 2017

Blockedon: -731853

Comment 6 by efoo@chromium.org, Jun 9 2017

Blocking: 731852

Comment 7 by efoo@chromium.org, Jun 9 2017

Blockedon: -731852

Comment 8 by efoo@chromium.org, Jun 9 2017

Blocking: 731854

Comment 9 by efoo@chromium.org, Jun 9 2017

Blocking: 712444

Comment 10 by estaab@chromium.org, Jun 20 2017

Status: Available (was: Untriaged)

Comment 11 by vadimsh@chromium.org, Jul 28 2017

Blocking: -731853

Comment 12 by vadimsh@chromium.org, Jul 28 2017

Blockedon: 731843

Comment 13 by vadimsh@chromium.org, Aug 11 2017

Owner: vadimsh@chromium.org
Status: Assigned (was: Available)
Summary: Make swarming server request service account tokens from luci-token-server (was: Add swarming server request tokens from luci-token-server)

Comment 14 by vadimsh@chromium.org, Aug 11 2017

Components: -Infra>Platform>Buildbucket>Swarmbucket
Project Member

Comment 15 by bugdroid1@chromium.org, Aug 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-py.git/+/54c33a53f719d88ad50038b288096d1485ee1ec3

commit 54c33a53f719d88ad50038b288096d1485ee1ec3
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Fri Aug 11 14:04:48 2017

Remove 'new_request_clone'.

It's not used anymore.

R=maruel@chromium.org
BUG= 731847 

Change-Id: Ie0d10d8cde6f8b3d9e1bea22592f7b89e5e13d82
Reviewed-on: https://chromium-review.googlesource.com/611820
Commit-Queue: Marc-Antoine Ruel <maruel@chromium.org>
Reviewed-by: Marc-Antoine Ruel <maruel@chromium.org>

[modify] https://crrev.com/54c33a53f719d88ad50038b288096d1485ee1ec3/appengine/swarming/server/task_request.py
[modify] https://crrev.com/54c33a53f719d88ad50038b288096d1485ee1ec3/appengine/swarming/server/task_request_test.py
Project Member

Comment 16 by bugdroid1@chromium.org, Aug 14 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-py.git/+/910ca2c1321f52a21fb7915cfe4af327caecf3a3

commit 910ca2c1321f52a21fb7915cfe4af327caecf3a3
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Mon Aug 14 22:58:50 2017

Introduce 'service_account' field in NewTaskRequest RPC message.

It replaces 'service_account_token' field, which is still accepted but will be
removed once all clients are updated not to use it.

Update comments and TODOs to reflect the new plan for implementing service
accounts support. In particular TaskRequest.service_account_token datastore
property still stays: it will eventually be generated on the fly when the task
is posted.

R=maruel@chromium.org
BUG= 731847 

Change-Id: I457bae6a6103751e6e303e77353395f248f5410f
Reviewed-on: https://chromium-review.googlesource.com/611823
Reviewed-by: Marc-Antoine Ruel <maruel@chromium.org>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/910ca2c1321f52a21fb7915cfe4af327caecf3a3/appengine/swarming/handlers_bot_test.py
[modify] https://crrev.com/910ca2c1321f52a21fb7915cfe4af327caecf3a3/appengine/swarming/handlers_endpoints.py
[modify] https://crrev.com/910ca2c1321f52a21fb7915cfe4af327caecf3a3/appengine/swarming/handlers_endpoints_test.py
[modify] https://crrev.com/910ca2c1321f52a21fb7915cfe4af327caecf3a3/appengine/swarming/message_conversion.py
[modify] https://crrev.com/910ca2c1321f52a21fb7915cfe4af327caecf3a3/appengine/swarming/server/task_request.py
[modify] https://crrev.com/910ca2c1321f52a21fb7915cfe4af327caecf3a3/appengine/swarming/server/task_request_test.py
[modify] https://crrev.com/910ca2c1321f52a21fb7915cfe4af327caecf3a3/appengine/swarming/swarming_bot/bot_code/bot_auth.py
[modify] https://crrev.com/910ca2c1321f52a21fb7915cfe4af327caecf3a3/appengine/swarming/swarming_rpcs.py
Project Member

Comment 17 by bugdroid1@chromium.org, Aug 15 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-py.git/+/c9b3b076ec8a3ec4897e09c31e53cd6475d611ab

commit c9b3b076ec8a3ec4897e09c31e53cd6475d611ab
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Tue Aug 15 00:21:21 2017

Fix BadRequestException when using 'service_account_token' field.

This error was introduced in the previous CL.

TBR=maruel@chromium.org
BUG= 731847 

Change-Id: Ic26028a120eac0a560da54543efd41b5ffed17d0
Reviewed-on: https://chromium-review.googlesource.com/614783
Reviewed-by: Vadim Shtayura <vadimsh@chromium.org>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/c9b3b076ec8a3ec4897e09c31e53cd6475d611ab/appengine/swarming/message_conversion.py
Project Member

Comment 18 by bugdroid1@chromium.org, Aug 15 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-py.git/+/d91c4b883ed9235bbd29a7fecdbb464eccb24a8b

commit d91c4b883ed9235bbd29a7fecdbb464eccb24a8b
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Tue Aug 15 17:43:11 2017

Use 'service_account' instead of 'service_account_token' in Retry UI.

R=maruel@chromium.org, kjlubick@chromium.org
BUG= 731847 

Change-Id: I89522cb5f64051a25de2fbfae070eed7470ab1e1
Reviewed-on: https://chromium-review.googlesource.com/615022
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: Kevin Lubick <kjlubick@chromium.org>
Reviewed-by: Marc-Antoine Ruel <maruel@chromium.org>

[modify] https://crrev.com/d91c4b883ed9235bbd29a7fecdbb464eccb24a8b/appengine/swarming/ui/build/elements.html
[modify] https://crrev.com/d91c4b883ed9235bbd29a7fecdbb464eccb24a8b/appengine/swarming/ui/res/imp/taskpage/task-page.html
Project Member

Comment 19 by bugdroid1@chromium.org, Aug 16 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/7902d31a4de0dc13be6c62fe1edd9ab579b8caef

commit 7902d31a4de0dc13be6c62fe1edd9ab579b8caef
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Wed Aug 16 20:58:30 2017

Regenerate Swarming API endpoints wrapper.

To include new 'service_account' field.

R=aludwin@google.com, maruel@chromium.org
BUG= 731847 

Change-Id: I8c1a4b9776f66db028ad980d14cf2f039d7ad753
Reviewed-on: https://chromium-review.googlesource.com/617580
Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/7902d31a4de0dc13be6c62fe1edd9ab579b8caef/common/api/swarming/swarming/v1/swarming-api.json
[modify] https://crrev.com/7902d31a4de0dc13be6c62fe1edd9ab579b8caef/common/api/swarming/swarming/v1/swarming-gen.go
Project Member

Comment 20 by bugdroid1@chromium.org, Aug 16 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-py.git/+/4d93f73abc088bfc5cf24259df1df1ea538c9ae6

commit 4d93f73abc088bfc5cf24259df1df1ea538c9ae6
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Wed Aug 16 23:37:04 2017

Use 'service_account' instead of 'service_account_token' in swarming.py.

R=maruel@chromium.org
BUG= 731847 

Change-Id: Iebda503425e8ae1e7a60c066b35300c2c6a771ed
Reviewed-on: https://chromium-review.googlesource.com/614807
Reviewed-by: Marc-Antoine Ruel <maruel@chromium.org>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/4d93f73abc088bfc5cf24259df1df1ea538c9ae6/client/swarming.py
[modify] https://crrev.com/4d93f73abc088bfc5cf24259df1df1ea538c9ae6/client/tests/swarming_test.py
Project Member

Comment 21 by bugdroid1@chromium.org, Aug 17 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-py.git/+/770d810e2dd6b7f74de1b2a34cb97ebaf2466b94

commit 770d810e2dd6b7f74de1b2a34cb97ebaf2466b94
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Thu Aug 17 16:41:47 2017

Add a function to parse RFC 3339 timestamp strings.

That's how protocol buffers JSON encoding encoded timestamps. Unfortunately,
Python has no built-in function for this. We adapts protobuf's own
implementation.

R=maruel@chromium.org
BUG= 731847 

Change-Id: Ifec7ec15125132bb135ddbef573c86d210ecfbd9
Reviewed-on: https://chromium-review.googlesource.com/618348
Reviewed-by: Marc-Antoine Ruel <maruel@chromium.org>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/770d810e2dd6b7f74de1b2a34cb97ebaf2466b94/appengine/components/components/utils.py
[modify] https://crrev.com/770d810e2dd6b7f74de1b2a34cb97ebaf2466b94/appengine/components/components/utils_test.py
Project Member

Comment 22 by bugdroid1@chromium.org, Aug 18 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-py.git/+/1f3dde2dc163ee6f3d0fe9de24312b30667b5979

commit 1f3dde2dc163ee6f3d0fe9de24312b30667b5979
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Fri Aug 18 04:25:42 2017

Generate and cache "OAuth token grants" in /tasks/new.

Such grant can later be exchanged for a real OAuth token.

R=maruel@chromium.org
BUG= 731847 

Change-Id: I42147a4107f79fd7b660cabafef9740d56e40f56
Reviewed-on: https://chromium-review.googlesource.com/617618
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: Marc-Antoine Ruel <maruel@chromium.org>

[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/components/components/auth/api.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/components/components/net.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/components/components/net_test.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/components/test_support/test_case.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/swarming/handlers_endpoints.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/swarming/handlers_endpoints_test.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/swarming/server/service_accounts.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/swarming/server/service_accounts_test.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/swarming/server/task_request.py
[modify] https://crrev.com/1f3dde2dc163ee6f3d0fe9de24312b30667b5979/appengine/swarming/test_env_handlers.py

Comment 23 by efoo@chromium.org, Aug 22 2017

Labels: LUCI-M2-S6

Comment 25 by vadimsh@chromium.org, Aug 29 2017

Status: Fixed (was: Assigned)
This is done, but not deployed to main Swarming fleet yet. The risk of deployment is low and there's no tricky migration steps to do.

There's one related cleanup task that doesn't block anything:  Issue 759940 .

Comment 26 by efoo@chromium.org, Nov 8 2017

Labels: -REQBY-LUCI-M4-OpenBeta REQBY-LUCI-M4d-LinuxComplete

Comment 27 by efoo@chromium.org, Nov 8 2017

Labels: -REQBY-LUCI-M4d-LinuxComplete REQBY-LUCI-M5-GASupport

Comment 28 by efoo@chromium.org, Jan 31 2018

Labels: LUCI-Dev2

Comment 29 by efoo@chromium.org, Jan 31 2018

Labels: -LUCI-M2-Dev2 -REQBY-LUCI-M5-GASupport LUCI-Blocker-Afterglow

Sign in to add a comment