Remove ChromeOS IP Whitelisting for CloudSql |
|||||||||||
Issue descriptionChromeOS builders currently access these instances of CIDB: cidb, cidb-replica, debug-cidb. And uses IP address whitelisting to allow access. We would like to instead access via a proxy so we can remove the whitelists, and remove the static IPs from our builders. This CL creates the mechanism we hope to use. https://chromium-review.googlesource.com/c/chromiumos/chromite/+/609591/6/lib/cidb.py
,
Sep 19 2017
Status: I will wait for @don to give me a testable builder, then start.
,
Sep 28 2017
,
Mar 19 2018
,
Jun 8 2018
,
Aug 3
Pass to CI team.
,
Nov 9
,
Nov 9
,
Nov 9
,
Nov 13
Pri-0 bugs are critical regressions or serious emergencies, and this bug has not been updated in three days. Could you please provide an update, or adjust the priority to a more appropriate level if applicable? If a fix is in active development, please set the status to Started. Thanks for your time! To disable nags, add the Disable-Nags label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 13
,
Dec 6
At a first glance, to remove the whitelisting will require us to utilize service accounts for connecting. Based on our current implementation, service accounts will require the deployment and configuration of the cloud proxy to all builders. Separate bugs will be opened to track those initiatives. -- Mike
,
Dec 6
My understanding is that we have to deploy the proxy, and manage it's runtime process ourselves (not as a system service). That is feasible, but a little more tricky, probably similar to what we do with tsmon today.
,
Dec 6
Why could this not be deployed/started as a service? Normally all dependent services that are not part of the actual build process, would be started and managed as a service. Is there something specific here that would prevent that? -- Mike
,
Dec 6
Maybe it can, I'm not sure. |
|||||||||||
►
Sign in to add a comment |
|||||||||||
Comment 1 by dgarr...@chromium.org
, Sep 19 2017