New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add anonymous scopes to services #3704
Add anonymous scopes to services #3704
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
services/github/scopes.yml
Outdated
@@ -3,3 +3,4 @@ | |||
- queue:route:statuses | |||
- queue:route:checks | |||
- assume:scheduler-id:taskcluster-github/* | |||
- assume:anonymous |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: git will complain without a newline at the end of the file, here and other places.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the context of this line why do we need to add this? Do the static clients not get that scope added?
83d24aa
to
f3fb211
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is necessary, based onhttps://github.com//pull/3615#issuecomment-715636601.
I suspect this PR was created because of #3691, with the idea that if one service needs this scope, they all do.
I think the only reason that #3691 was required was that #3616 landed before the rest of the RFC#165 work in #3615. In fact, I think that both PRs become redundant after #3615 lands and can be reverted. If #3615 is correct, then we never need to specify assume:anonymous
anywhere, because it's implicitly included everywhere (including in auth.currentScopes
which the frontend uses for the Profile view).
So to be clear, my thinking is:
- close this without landing it
- include a revert of Add anonymous scope in web-server #3616 and Add assume:anonymous to web-server scopes #3691 in RFC 165 #3615.
--> #3801. |
Relates to #3615.