From 7ccf31d3b68ff1cb8c4360b132b244f86ef101d5 Mon Sep 17 00:00:00 2001 From: Junji Watanabe Date: Mon, 31 Oct 2022 17:48:29 +0900 Subject: [PATCH] [infra] Allow project-libyuv-admins group to trigger LED tasks "role/swarming.taskTriggerer" gives "swarming.tasks.createInRealm" permission. https://source.chromium.org/chromium/infra/infra/+/main:luci/appengine/auth_service/realms/permissions.py;l=114;drc=36516367cd70f195935ffd933d939e770e3b2c65 This fixes the auth error in "led launch". http://screen/58TYKnHALbRUQKb Bug: b:255217089 Change-Id: Idbfc06e7ad8a94caac9bfd1fe473c60d6e4addf6 Reviewed-on: https://chromium-review.googlesource.com/c/libyuv/libyuv/+/3990134 Reviewed-by: Christoffer Jansson Commit-Queue: Junji Watanabe --- infra/config/main.star | 4 ++++ infra/config/realms.cfg | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/infra/config/main.star b/infra/config/main.star index 1268e6843..b722b114b 100755 --- a/infra/config/main.star +++ b/infra/config/main.star @@ -79,6 +79,10 @@ luci.project( acl.entry(acl.BUILDBUCKET_OWNER, groups = ["project-libyuv-admins"]), ], bindings = [ + luci.binding( + roles = "role/swarming.taskTriggerer", # for LED tasks. + groups = "project-libyuv-admins", + ), luci.binding( roles = "role/configs.validator", users = "libyuv-try-builder@chops-service-accounts.iam.gserviceaccount.com", diff --git a/infra/config/realms.cfg b/infra/config/realms.cfg index ae04529ef..16ffaac90 100644 --- a/infra/config/realms.cfg +++ b/infra/config/realms.cfg @@ -38,6 +38,10 @@ realms { role: "role/scheduler.reader" principals: "group:all" } + bindings { + role: "role/swarming.taskTriggerer" + principals: "group:project-libyuv-admins" + } } realms { name: "ci"