Issue 731854 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	vadimsh@chromium.org
Closed:	Oct 2017
Cc:	vadimsh@chromium.org no...@chromium.org mar...@chromium.org
Components:	Infra>Platform>Buildbucket>Gerrit Infra>Platform>Swarming
EstimatedDays:	3
NextAction:	----
OS:	----
Pri:	1
Type:	Feature
LUCI-M3-S10 LUCI-Beta reqby-luci-GASupport

Blocked on:
issue 731843
issue 731846
issue 731847

Blocking:
issue 712444

Recipe module for using LUCI service accounts

Project Member Reported by efoo@chromium.org, Jun 9 2017

Issue description

LUCI Milestone Planning task for swarming service accounts to append new recipe API calls for using service accounts

End goal is to be able to declare a service account in a builder and read an access token in a recipe.

vadimsh CC'ed to fill in the implementation details

Comment 1 by efoo@chromium.org, Jun 9 2017

Blocking: 712444

Comment 2 by estaab@chromium.org, Jun 20 2017

Status: Available (was: Untriaged)

Comment 3 by vadimsh@chromium.org, Aug 16 2017

Summary: Recipe module for using LUCI service accounts (was: Append new recipe API calls for using service accounts)

Project Member

Comment 4 by bugdroid1@chromium.org, Oct 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/recipes-py/+/4d872b88fb06006ec917c6d2a3324e26c0124319

commit 4d872b88fb06006ec917c6d2a3324e26c0124319
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Wed Oct 04 00:38:22 2017

Add 'service_account' recipe module.

It can be used to grab OAuth tokens for task associated accounts on LUCI.
Depends on 'authutil' present in PATH.

Supersedes https://cs.chromium.org/chromium/build/scripts/slave/recipe_modules/service_account/

R=iannucci@chromium.org
BUG= 731854 , 770880

Change-Id: Iab51bdbadade0831f458507609104afaa310da77
Reviewed-on: https://chromium-review.googlesource.com/698924
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: Robbie Iannucci <iannucci@chromium.org>

[add] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/recipe_modules/service_account/examples/full.expected/windows.json
[add] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/recipe_modules/service_account/examples/full.expected/custom_scopes_and_lifetime.json
[add] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/recipe_modules/service_account/examples/full.expected/json_key.json
[add] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/recipe_modules/service_account/api.py
[add] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/recipe_modules/service_account/__init__.py
[modify] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/README.recipes.md
[add] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/recipe_modules/service_account/examples/full.expected/default.json
[add] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/recipe_modules/service_account/examples/full.py
[add] https://crrev.com/4d872b88fb06006ec917c6d2a3324e26c0124319/recipe_modules/service_account/examples/full.expected/no_authutil.json

Comment 5 by efoo@chromium.org, Oct 4 2017

Labels: -REQBY-LUCI-M4-OpenBeta REQBY-LUCI-M6-Support

Project Member

Comment 6 by bugdroid1@chromium.org, Oct 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/tools/build/+/8993b9bbb02443e02353e55fac997a270de0e12a

commit 8993b9bbb02443e02353e55fac997a270de0e12a
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Wed Oct 04 21:41:39 2017

Rename 'service_account' module to 'puppet_service_account' module.

It better matches the reality of what it is doing. Also mark it as deprecated,
since it won't work on LUCI. There's 'recipe_engine/service_account' module now
that should be used instead.

R=iannucci@chromium.org, jbudorick@chromium.org
BUG= 731854 

Change-Id: I25b25aadc0d5bb3e72b3cffc735cd2530f226e27
Reviewed-on: https://chromium-review.googlesource.com/699656
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>
Reviewed-by: Robbie Iannucci <iannucci@chromium.org>
Reviewed-by: John Budorick <jbudorick@chromium.org>

[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/goma/api.py
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.expected/windows_no_authutil.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/gatekeeper/api.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/chromium_tests/tests/steps/swarming_isolated_script_test.expected/chartjson_ignore_task_failure.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/perf_try_staging/build_state.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/buildbucket/examples/full.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/chromium_tests/tests/steps/swarming_isolated_script_test.expected/histograms.json
[add] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/puppet_service_account/api.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/buildbucket/tests/get.py
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.expected/linux_no_authutil.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/perf_try_staging/__init__.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/chromium_tests/tests/steps/swarming_isolated_script_test.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/buildbucket/tests/put.py
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/__init__.py
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.py
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.expected/windows_with_scopes.json
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.expected/windows.json
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.expected/linux.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipes/chromium.expected/dynamic_swarmed_isolated_script_perf_test_ignore_task_failure.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/chromium_tests/tests/steps/swarming_isolated_script_test.expected/chartjson_simplified_ignore_task_failure.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/gatekeeper/__init__.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/auto_bisect/revision_state.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/auto_bisect/__init__.py
[rename] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/puppet_service_account/OWNERS
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/api.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/chromium_tests/__init__.py
[add] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/puppet_service_account/examples/full.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipes/chromium.expected/dynamic_swarmed_sharded_passed_isolated_script_perf_test_histograms.json
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/config.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/auto_bisect_staging/__init__.py
[add] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/puppet_service_account/__init__.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/perf_try/build_state.py
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/auto_bisect_staging/revision_state.py
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/tests/get_json_path.expected/basic.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/chromium_tests/steps.py
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.expected/linux_with_scopes.json
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.expected/windows_with_lifetime_sec.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipes/chromium.expected/dynamic_swarmed_sharded_passed_isolated_script_perf_test.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/perf_try/__init__.py
[add] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/puppet_service_account/examples/full.expected/win.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/goma/__init__.py
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/examples/full.expected/linux_with_lifetime_sec.json
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/README.recipes.md
[modify] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/chromium_tests/tests/steps/swarming_isolated_script_test.expected/chartjson.json
[delete] https://crrev.com/1cf42e653d6aafaca77ae0799b436cc17853866f/scripts/slave/recipe_modules/service_account/tests/get_json_path.py
[add] https://crrev.com/8993b9bbb02443e02353e55fac997a270de0e12a/scripts/slave/recipe_modules/puppet_service_account/examples/full.expected/linux.json

Project Member

Comment 7 by bugdroid1@chromium.org, Oct 4 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/infra/+/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345

commit 5d76c420a4d78dc6d27d6c1f0f9f747cf2041345
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Wed Oct 04 22:42:00 2017

Roll recipe dependencies.

'build/service_account' has been renamed to 'build/puppet_service_account' and
its API slightly changed.

Switch recipe_autoroller recipe to use this module too while at it, since
'get_auth_token()' basically duplicated its exact logic.

R=iannucci@chromium.org
BUG= 731854 

Change-Id: I3b70c0a05173ab54c4218b2df4565d3059e10cf7
Reviewed-on: https://chromium-review.googlesource.com/701598
Reviewed-by: Robbie Iannucci <iannucci@chromium.org>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/recipes/recipes/recipe_autoroller.py
[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/recipes/recipes/remote_execute_dataflow_workflow.py
[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/recipes/recipes/recipe_autoroller.expected/with_auth.json
[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/recipes/recipes/recipe_simulation.py
[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/recipes/README.recipes.md
[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/recipes/recipes/recipe_simulation.expected/with_auth.json
[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/infra/config/recipes.cfg
[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/recipes/recipes/recipe_roll_tryjob.expected/basic.json
[modify] https://crrev.com/5d76c420a4d78dc6d27d6c1f0f9f747cf2041345/recipes/recipes/recipe_roll_tryjob.py

Project Member

Comment 8 by bugdroid1@chromium.org, Oct 4 2017

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/chrome/tools/build_limited/scripts/slave/+/0fd0a32af4bc5fead717f865ffd0a7688378a54a

commit 0fd0a32af4bc5fead717f865ffd0a7688378a54a
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Wed Oct 04 23:13:35 2017

Project Member

Comment 9 by bugdroid1@chromium.org, Oct 4 2017

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/chrome/tools/release/scripts/+/a5d6222b3ede07c036736b492d1a120c38d3c7ba

commit a5d6222b3ede07c036736b492d1a120c38d3c7ba
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Wed Oct 04 23:19:13 2017

Comment 10 by vadimsh@chromium.org, Oct 10 2017

Owner: vadimsh@chromium.org
Status: Fixed (was: Available)

Comment 11 by efoo@google.com, Oct 13 2017

Labels: -LUCI-M0-Backlog LUCI-M3-S10 LUCI-M3-ClosedBeta

Moving into closed beta since this is completed.

Comment 12 by efoo@chromium.org, Nov 8 2017

Labels: -LUCI-M3-ClosedBeta -REQBY-LUCI-M6-Support LUCI-M3-Beta REQBY-LUCI-M5-GASupport

Comment 13 by efoo@chromium.org, Jan 31 2018

Labels: LUCI-Beta

Comment 14 by efoo@chromium.org, Jan 31 2018

Labels: -LUCI-M3-Beta

Comment 15 by efoo@chromium.org, Feb 15 2018

Labels: -reqby-luci-m5-GASupport reqby-luci-GASupport

►

Issue 731854 link

Issue metadata

Recipe module for using LUCI service accounts

Issue description

Comment 1 by efoo@chromium.org, Jun 9 2017

Comment 1 Deleted

Comment 2 by estaab@chromium.org, Jun 20 2017

Comment 2 Deleted

Comment 3 by vadimsh@chromium.org, Aug 16 2017

Comment 3 Deleted

Comment 4 by bugdroid1@chromium.org, Oct 4 2017

Comment 4 Deleted

Comment 5 by efoo@chromium.org, Oct 4 2017

Comment 5 Deleted

Comment 6 by bugdroid1@chromium.org, Oct 4 2017

Comment 6 Deleted

Comment 7 by bugdroid1@chromium.org, Oct 4 2017

Comment 7 Deleted

Comment 8 by bugdroid1@chromium.org, Oct 4 2017

Comment 8 Deleted

Comment 9 by bugdroid1@chromium.org, Oct 4 2017

Comment 9 Deleted

Comment 10 by vadimsh@chromium.org, Oct 10 2017

Comment 10 Deleted

Comment 11 by efoo@google.com, Oct 13 2017

Comment 11 Deleted

Comment 12 by efoo@chromium.org, Nov 8 2017

Comment 12 Deleted

Comment 13 by efoo@chromium.org, Jan 31 2018

Comment 13 Deleted

Comment 14 by efoo@chromium.org, Jan 31 2018

Comment 14 Deleted

Comment 15 by efoo@chromium.org, Feb 15 2018

Comment 15 Deleted

Sign in to add a comment