How can you have more than one LAVA user have the same token secret (e.g. for a notify callback.)?
Example use case: - LAVA job with notify callbacks using token names - submited as user "bob", token names of "bob" map to actual token secrets - job fails - user "lab-admin" fixes some lab issues, re-submits job - job passes, but callbacks fail because tokens are associated with user "bob"
Since the re-submitted job runs as user "lab-admin", the same token names and corresponding secrets don't exist.
Naively, user "lab-admin" tries to copy the token secrets from user "bob" keeping the same token names, but this fails saying that "secret already exists".
Why can't different users have the same secrets?
I haven't looked at the code, but this limitation kind of suggests that the secret itself is the key in the db, which would prevent multiple secrets of the same.
Kevin
Hello Kevin,
in fact the "secret" field is marked to be unique on the whole database. Which make sharing tokens impossible.
I created an issue for this https://git.lavasoftware.org/lava/lava/issues/216
As described in the ticket, I believe that we should make: * secret: non unique * (description, user): unique together
I believe that this would solve your current issue.
Cheers
Le mer. 6 févr. 2019 à 01:04, Kevin Hilman khilman@baylibre.com a écrit :
How can you have more than one LAVA user have the same token secret (e.g. for a notify callback.)?
Example use case:
- LAVA job with notify callbacks using token names
- submited as user "bob", token names of "bob" map to actual token secrets
- job fails
- user "lab-admin" fixes some lab issues, re-submits job
- job passes, but callbacks fail because tokens are associated with user
"bob"
Since the re-submitted job runs as user "lab-admin", the same token names and corresponding secrets don't exist.
Naively, user "lab-admin" tries to copy the token secrets from user "bob" keeping the same token names, but this fails saying that "secret already exists".
Why can't different users have the same secrets?
I haven't looked at the code, but this limitation kind of suggests that the secret itself is the key in the db, which would prevent multiple secrets of the same.
Kevin
Lava-users mailing list Lava-users@lists.lavasoftware.org https://lists.lavasoftware.org/mailman/listinfo/lava-users
Remi Duraffort remi.duraffort@linaro.org writes:
Hello Kevin,
in fact the "secret" field is marked to be unique on the whole database. Which make sharing tokens impossible.
I created an issue for this https://git.lavasoftware.org/lava/lava/issues/216
As described in the ticket, I believe that we should make:
- secret: non unique
- (description, user): unique together
I believe that this would solve your current issue.
Yes, that would solve the problem.
Thanks!
Kevin
Hi Remi,
Kevin Hilman khilman@baylibre.com writes:
Remi Duraffort remi.duraffort@linaro.org writes:
in fact the "secret" field is marked to be unique on the whole database. Which make sharing tokens impossible.
I created an issue for this https://git.lavasoftware.org/lava/lava/issues/216
As described in the ticket, I believe that we should make:
- secret: non unique
- (description, user): unique together
I believe that this would solve your current issue.
Yes, that would solve the problem.
Gentle ping on this. The ticket above mentions 2019.05. Did this feature make it into 2019.05?
Thanks,
Kevin
Hello Kevin,
the feature hasn't been implemented yet bus it's still planned to be part of 2019.05.
Cheers
Le mar. 12 mars 2019 à 18:42, Kevin Hilman khilman@baylibre.com a écrit :
Hi Remi,
Kevin Hilman khilman@baylibre.com writes:
Remi Duraffort remi.duraffort@linaro.org writes:
in fact the "secret" field is marked to be unique on the whole database. Which make sharing tokens impossible.
I created an issue for this https://git.lavasoftware.org/lava/lava/issues/216
As described in the ticket, I believe that we should make:
- secret: non unique
- (description, user): unique together
I believe that this would solve your current issue.
Yes, that would solve the problem.
Gentle ping on this. The ticket above mentions 2019.05. Did this feature make it into 2019.05?
Thanks,
Kevin
On Wed, 6 Feb 2019 at 00:04, Kevin Hilman khilman@baylibre.com wrote:
How can you have more than one LAVA user have the same token secret (e.g. for a notify callback.)?
Example use case:
- LAVA job with notify callbacks using token names
- submited as user "bob", token names of "bob" map to actual token secrets
- job fails
- user "lab-admin" fixes some lab issues, re-submits job
how about submitting and re-submitting using the same user? This is how squad proxies the jobs from jenkins. Lab issues are fixed independently of re-submission process.
milosz
- job passes, but callbacks fail because tokens are associated with user "bob"
Since the re-submitted job runs as user "lab-admin", the same token names and corresponding secrets don't exist.
Naively, user "lab-admin" tries to copy the token secrets from user "bob" keeping the same token names, but this fails saying that "secret already exists".
Why can't different users have the same secrets?
I haven't looked at the code, but this limitation kind of suggests that the secret itself is the key in the db, which would prevent multiple secrets of the same.
Kevin
Lava-users mailing list Lava-users@lists.lavasoftware.org https://lists.lavasoftware.org/mailman/listinfo/lava-users
lava-users@lists.lavasoftware.org
-
Kevin Hilman -
Milosz Wasilewski -
Remi Duraffort