https://github.com/taskcluster/relengapi-proxy

TaskCluster proxy for RelengAPI
https://github.com/taskcluster/relengapi-proxy

Last synced: 5 months ago
JSON representation

TaskCluster proxy for RelengAPI

• Host: GitHub
• URL: https://github.com/taskcluster/relengapi-proxy
• Owner: taskcluster
• License: mpl-2.0
• Archived: true
• Created: 2015-06-02T20:02:50.000Z (about 11 years ago)
• Default Branch: master
• Last Pushed: 2019-04-24T10:30:42.000Z (about 7 years ago)
• Last Synced: 2024-06-19T23:11:20.601Z (almost 2 years ago)
• Language: Go
• Size: 1.74 MB
• Stars: 0
• Watchers: 5
• Forks: 5
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

          
# RelEngAPI Proxy

This is the proxy server which is used in the docker-worker which allows

individual tasks to talk to [Releng

API](https://github.com/mozilla/build-relengapi) without hardcoding credentials

into the containers themselves.

This works by creating a temporary RelengAPI access token bearing the

permissions specified for the task.  Permissions are specified as scopes, with

the prefix `docker-worker:relengapi-proxy:`.  For example, the

`tooltool.download.internal` permission will be available if the task has scope

`docker-worker:relengapi-proxy:tooltool.download.internal`.  Note that `*`

cannot be used to get all relengapi permissions.

The temporary token is requested using a permanent token known only to the

proxy, given on the command line with `--relengapi-token`.

__Note, relengapi-proxy can currently only run on https://taskcluster.net !!__

If other taskcluster deployment environments need to be supported, the

hardcoded reference to this `rootURL` should be removed from the code, and the

rootURL should be provided as an additional required command line parameter.

## Examples

Start the server, giving a relengapi token that can issue temporary tokens and a task ID

    relengapi-proxy --relengapi-token 12341234 -- 2szAy1JzSr6pyjVCdiTcoQ

Once that's running, and assuming a docker alias mapping `relengapi:80` to the proxy,

    curl relengapi/tooltool/sha512/

to download a file from tooltool, for example.

## Deployment

The proxy server can be deployed directly by building and running the package,

but the prefered method is via the `./build.sh` script which will compile the

proxy server for linux/amd64 and deploy the server to a docker image.

```sh

./build.sh user/relengapi-proxy-server

```

## Download via `go get`

__You will need at least go 1.8__. A newer version of go 1.x is also ok.

Set up your [GOPATH](https://golang.org/doc/code.html)

```sh

go get github.com/taskcluster/relengapi-proxy

```

## Hacking

To build, just run

```sh

go build

```

## Tests

To run the full test suites you need a

[RelengAPI](https://api.pub.build.mozilla.org/) token.  

That token must have at least `base.tokens.tmp.issue`, as well as any

permissions tasks may need.  

The token is supplied with the --relengapi-token

command-line argument.  

Note that credentials must not be included in environment variables!