fix(cache-issues): grant read permissions for sc-dbaas-data-qa account #9541

Merged

Contributor

@mikliapko mikliapko commented Dec 11, 2024

Since SCT test can be triggered not only from under cloudius-systems, but sc-dbaas-data-qa account (cloud longevity tests), cache-issues job is adjusted to grant read permissions to the uploaded files for this sc-dbaas-data-qa account.

Grants for cloudius-systems account should be specified as well, otherwise, the owner will miss these permissions.

Testing

  • Local test
mikita@mikita-pc:~$ aws s3 cp test.txt s3://scylla-qa-keystore/test.txt --grants read=id=ae6058f752268a384a1a3e3732c4eea3d8a7d597e9cbc7f5bd7b791a224f3e67 full=id=0c2716c5c3e86717000f7af99a8c82c5f776b86179f73d4985de88ceff86a9a4
upload: ./test.txt to s3://scylla-qa-keystore/test.txt

PR pre-checks (self review)

  • I added the relevant backport labels
  • I didn't leave commented-out/debugging code
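
A check for the grant behaviour described in this PR, as an added example that is not part of the PR or the SCT code base: it audits the JSON returned by `aws s3api get-object-acl` against the two grants used in the local test command. The function names and the sample ACL documents are constructed for illustration; the canonical IDs are the ones shown in the command above.

```python
import json

# Canonical user IDs copied from the local test command in the PR description.
OWNER_ID = "0c2716c5c3e86717000f7af99a8c82c5f776b86179f73d4985de88ceff86a9a4"   # full=id=...
READER_ID = "ae6058f752268a384a1a3e3732c4eea3d8a7d597e9cbc7f5bd7b791a224f3e67"  # read=id=...
# In the ACL document, --grants read=... appears as READ and full=... as FULL_CONTROL.
EXPECTED = {OWNER_ID: "FULL_CONTROL", READER_ID: "READ"}


def audit_object_acl(acl_json, expected=EXPECTED):
    """Return sorted findings for an ACL document; an empty list means it matches."""
    findings, seen = [], {}
    for grant in json.loads(acl_json).get("Grants", []):
        grantee, perm = grant.get("Grantee", {}), grant.get("Permission")
        if grantee.get("Type") != "CanonicalUser":
            # Group grants such as AllUsers are never expected on these objects.
            who = grantee.get("URI") or grantee.get("EmailAddress")
            findings.append(f"unexpected {perm} for {grantee.get('Type')} grantee {who}")
            continue
        seen.setdefault(grantee.get("ID"), set()).add(perm)
    # Every expected grant must be present (catches the missing owner grant).
    for user_id, perm in expected.items():
        if perm not in seen.get(user_id, set()):
            findings.append(f"missing {perm} for {user_id[:8]}")
    # Nothing beyond the expected grant may be present for any account.
    for user_id, perms in seen.items():
        for perm in perms - {expected.get(user_id)}:
            findings.append(f"unexpected {perm} for {str(user_id)[:8]}")
    return sorted(findings)


def sample_acl(grants):
    """Constructed get-object-acl output from (type, id_or_uri, permission) tuples."""
    rows = [{"Grantee": {"Type": t, ("ID" if t == "CanonicalUser" else "URI"): who},
             "Permission": perm} for t, who, perm in grants]
    return json.dumps({"Owner": {"ID": OWNER_ID}, "Grants": rows})


if __name__ == "__main__":
    both = sample_acl([("CanonicalUser", OWNER_ID, "FULL_CONTROL"),
                       ("CanonicalUser", READER_ID, "READ")])
    read_only = sample_acl([("CanonicalUser", READER_ID, "READ")])
    print(audit_object_acl(both))
    print(audit_object_acl(read_only))
```
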

@mikliapko mikliapko self-assigned this Dec 11, 2024
Contributor Author

mikliapko commented Dec 11, 2024

@fruch
I saw you mentioned that this job can't be tested from forks (I suppose because of secrets).
How can I do a verification run?
And should I assign any backport label? I suppose not.

@@ -4,6 +4,10 @@ on:
- cron: '0 */6 * * *'
workflow_dispatch:

env:
CLOUDIUS_SYSTEMS_CANONICAL_ID: 0c2716c5c3e86717000f7af99a8c82c5f776b86179f73d4985de88ceff86a9a4
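
Review bot: `CLOUDIUS_SYSTEMS_CANONICAL_ID` in the new `env:` block is a hard-coded account identifier committed to the workflow file. A canonical user ID is an identifier rather than a credential, but keeping it in a repository secret or variable and referencing it as `${{ secrets.CLOUDIUS_SYSTEMS_CANONICAL_ID }}` keeps the account mapping out of the repository and lets it change without a code change. A short comment above the entry stating what the ID is used for would also help the next reader.
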
Contributor

Let's put those into secrets

Contributor Author

Don't have permission to manage secrets here.
Could you please help with that?

Contributor

I've created secrets with those names

Contributor

fruch commented Dec 11, 2024

> @fruch
> I saw you mentioned that this job can't be tested from forks (I suppose because of secrets).
> How can I do a verification run?
> And should I assign any backport label? I suppose not.

You can push it to the main repo for testing, I think you should have permission for doing that.

@mikliapko
Contributor Author

> > @fruch
> > I saw you mentioned that this job can't be tested from forks (I suppose because of secrets).
> > How can I do a verification run?
> > And should I assign any backport label? I suppose not.
>
> You can push it to the main repo for testing, I think you should have permission for doing that.

Okay, I'll check

Since SCT test can be triggered not only from under cloudius-systems,
but sc-dbaas-data-qa account (cloud longevity tests), cache-issues job
is adjusted to grant read permissions to the uploaded files for this
sc-dbaas-data-qa account.

Grants for cloudius-systems account should be specified as well,
otherwise, the owner will miss these permissions.
@mikliapko mikliapko force-pushed the gh-cache-issues-support-dbaas-data-qa branch from 8c7f32d to 77b84ee Compare December 12, 2024 10:17
@mikliapko mikliapko marked this pull request as ready for review December 12, 2024 10:17
@mikliapko mikliapko requested a review from fruch December 12, 2024 10:17
@mikliapko mikliapko added the backport/none Backport is not required label Dec 12, 2024
@mikliapko
Contributor Author

> > > @fruch
> > > I saw you mentioned that this job can't be tested from forks (I suppose because of secrets).
> > > How can I do a verification run?
> > > And should I assign any backport label? I suppose not.
> >
> > You can push it to the main repo for testing, I think you should have permission for doing that.
>
> Okay, I'll check

Did a testing here - GH Actions job, created files in test directory.

Contributor

@fruch fruch left a comment

LGTM

@fruch fruch merged commit 6378cc9 into scylladb:master Dec 12, 2024
8 checks passed
@mikliapko mikliapko deleted the gh-cache-issues-support-dbaas-data-qa branch December 12, 2024 10:44
Labels
backport/none Backport is not required promoted-to-master