Add anonymous scopes to services #3704
Conversation
helfi92
requested review from
imbstack and
jwhitlock
and removed request for
a team
services/github/scopes.yml
Outdated
| @@ -3,3 +3,4 @@ | |||
| - queue:route:statuses | |||
| - queue:route:checks | |||
| - assume:scheduler-id:taskcluster-github/* | |||
| - assume:anonymous | |||
There was a problem hiding this comment.
Nit: git will complain without a newline at the end of the file, here and other places.
helfi92
force-pushed
the
rfc165
branch
3 times, most recently
from
83d24aa
to
f3fb211
Compare
There was a problem hiding this comment.
I don't think this is necessary, based onhttps://github.com//pull/3615#issuecomment-715636601.
I suspect this PR was created because of #3691, with the idea that if one service needs this scope, they all do.
I think the only reason that #3691 was required was that #3616 landed before the rest of the RFC#165 work in #3615. In fact, I think that both PRs become redundant after #3615 lands and can be reverted. If #3615 is correct, then we never need to specify assume:anonymous anywhere, because it's implicitly included everywhere (including in auth.currentScopes which the frontend uses for the Profile view).
So to be clear, my thinking is:
- close this without landing it
- include a revert of Add anonymous scope in web-server #3616 and Add assume:anonymous to web-server scopes #3691 in RFC 165 #3615.
|
--> #3801. |
Relates to #3615.