The taskcluster authentication server manages permissions and credentials in the taskcluster eco-system. Identifiers, credentials and authorized scopes will be stored in azure table storage, and various components will be granted read-only access in-order to authorize requests.
On the client side, an authorized client must have a CLIENT_ID and an
ACCESS_TOKEN to be used with hawk for making requests.
On the server side, CLIENT_IDs will resolve to ACCESS_TOKEN for HMAC
validation and a set of scopes, which will be used to determine what resources
the client is authorized to access.
Service Owner: [email protected]
If you deploy a copy of this application that fails to start, all of Taskcluster will come to a screeching halt immediately. Don't do that.
This app auto-deploys from Github to the staging environment, which uses a different Azure backend.
To hack on this service, you can begin by cloning the repository and running yarn --frozen-lockfile to install its dependencies.
Then run yarn test to run the test suite.
It should pass, although some tests will be skipped.
If you are not modifing functionality tested by the skipped tests you're ready to get started: write some tests for the new functionality, then implement it!
If you are modifying something requiring credentials, you may need to set up credentials.
To do so, copy user-config-example.yml to user-config.yml and fill in the necessary credentials based on the comments in that file.
Taskcluster team members can provide you with some testing-only credentials -- just ask, and provide a GPG key (use https://keybase.io if you don't have one).
You can get your own pulse credentials at https://pulseguardian.mozilla.org.
The taskcluster team has a series of best practices which may help guide you in modifying the source code and making a pull request.