Project-scoped service account support |
|
Issue description1. Implement project-scoped service account support for LUCI tokenserver 2. Extend client RPC client to use project-bound service account token generation API
,
Jan 11
The following revision refers to this bug: https://chrome-internal.googlesource.com/infradata/config/+/8ed2f445b1c3003d9f4bdaa0955be2b89e3adaaa commit 8ed2f445b1c3003d9f4bdaa0955be2b89e3adaaa Author: Felix Matenaar <fmatenaar@google.com> Date: Fri Jan 11 21:09:20 2019
,
Jan 11
The following revision refers to this bug: https://chrome-internal.googlesource.com/infradata/config/+/dff19152f8959a8975e917211d268a4c733bd913 commit dff19152f8959a8975e917211d268a4c733bd913 Author: Felix Matenaar <fmatenaar@google.com> Date: Fri Jan 11 21:53:08 2019
,
Jan 18
(4 days ago)
The following revision refers to this bug: https://chromium.googlesource.com/infra/luci/luci-go.git/+/66e19db6668e6ddb110f9b7991e4f2e41af151d1 commit 66e19db6668e6ddb110f9b7991e4f2e41af151d1 Author: Felix Matenaar <fmatenaar@chromium.org> Date: Fri Jan 18 23:24:15 2019 [scheduler proto] Implement project-scoped service accounts, proto changes in scheduler config. Project-scoped service accounts will extend LUCI tokenserver to issue service accounts tied to a particular LUCI project. This will reduce the ambient authority under which a LUCI service performs a set of actions in order to reduce potential issues in regard to the "confused deputy" problem. R=vadimsh@chromium.org Bug: 911811 Change-Id: Id58b865760836d9040afa5e1e09425131b6e4fc8 Reviewed-on: https://chromium-review.googlesource.com/c/1422759 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Felix Matenaar <fmatenaar@chromium.org> [modify] https://crrev.com/66e19db6668e6ddb110f9b7991e4f2e41af151d1/scheduler/appengine/messages/config.pb.go [modify] https://crrev.com/66e19db6668e6ddb110f9b7991e4f2e41af151d1/scheduler/appengine/messages/config.proto
,
Today
(5 hours ago)
The following revision refers to this bug: https://chromium.googlesource.com/infra/infra/+/f9deed20b5344e657497c39b6e376d5d9605e62d commit f9deed20b5344e657497c39b6e376d5d9605e62d Author: Felix Matenaar <fmatenaar@chromium.org> Date: Wed Jan 23 01:50:18 2019 [luci-scheduler] Implement project-scoped service accounts, updated dev config. Project-scoped service accounts will extend LUCI tokenserver to issue service accounts tied to a particular LUCI project. This will reduce the ambient authority under which a LUCI service performs a set of actions in order to reduce potential issues in regard to the "confused deputy" problem. R=vadimsh@chromium.org,tandrii@chromium.org Bug: 911811 Change-Id: Iaf6608c05298e9564c63f807dca925a9f67d6d6e Reviewed-on: https://chromium-review.googlesource.com/c/1422490 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Felix Matenaar <fmatenaar@chromium.org> Cr-Commit-Position: refs/heads/master@{#20131} [modify] https://crrev.com/f9deed20b5344e657497c39b6e376d5d9605e62d/infra/config/global/luci-scheduler-dev.cfg
,
Today
(5 hours ago)
The following revision refers to this bug: https://chromium.googlesource.com/infra/infra/+/f9deed20b5344e657497c39b6e376d5d9605e62d commit f9deed20b5344e657497c39b6e376d5d9605e62d Author: Felix Matenaar <fmatenaar@chromium.org> Date: Wed Jan 23 01:50:18 2019 [luci-scheduler] Implement project-scoped service accounts, updated dev config. Project-scoped service accounts will extend LUCI tokenserver to issue service accounts tied to a particular LUCI project. This will reduce the ambient authority under which a LUCI service performs a set of actions in order to reduce potential issues in regard to the "confused deputy" problem. R=vadimsh@chromium.org,tandrii@chromium.org Bug: 911811 Change-Id: Iaf6608c05298e9564c63f807dca925a9f67d6d6e Reviewed-on: https://chromium-review.googlesource.com/c/1422490 Reviewed-by: Vadim Shtayura <vadimsh@chromium.org> Commit-Queue: Felix Matenaar <fmatenaar@chromium.org> Cr-Commit-Position: refs/heads/master@{#20131} [modify] https://crrev.com/f9deed20b5344e657497c39b6e376d5d9605e62d/infra/config/global/luci-scheduler-dev.cfg |
|
►
Sign in to add a comment |
|
Comment 1 by fmatenaar@chromium.org
, Dec 4