config: Add strict mode that forbids unknown params #45
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Summary: Changes were generated by the formatter, except to fix a syntax error. Test Plan: Existing tests. Reviewers: jcharumilind, pgopal Reviewed By: jcharumilind Subscribers: smahadevan Maniphest Tasks: T29275 Differential Revision: https://phabricator.grailbio.com/D39547 fbshipit-source-id: 949fd43
Summary: Exposes the ETag, which is a piece of data returned by S3 that contains a hash of information specific to a given version of a resource, outside of the s3file package. Test Plan: Tested in stacked diff D39535. Reviewers: rhuang, smahadevan Reviewed By: smahadevan Subscribers: smahadevan Maniphest Tasks: T29873 Differential Revision: https://phabricator.grailbio.com/D39665 fbshipit-source-id: 8078b9e
Summary: We currently have a hard-coded duration before expiration in which credentials are not refreshed. Making this configurable via a flag helps some users who have `grail-access` in their .bashrc, etc. Test Plan: Manual testing. Reviewers: aeiser, afields Reviewed By: aeiser, afields Subscribers: smahadevan, afields Differential Revision: https://phabricator.grailbio.com/D39733 fbshipit-source-id: 38ed4f3
…count Summary: T7463 switched the ticket-server to use HasMember API call that does lookups for neseted inheritence. T15539 switched the ticket-server to use cross account lookups, so a user with a @grailbio.com email could be in a group from summitstudies.co.uk and still be validated as a member. T29527 noticed that "sometimes" due to a Google API delays - the existing cross account lookup is slow. This diff reverts the cross account lookup to use the older group.get(member) API call which should avoide the API issues, and is a simplification over the old code. Test Plan: Verify in SBX staging, and create a test cross group lookup. Reviewers: #shared_infrastructure, trooney Reviewed By: trooney Subscribers: sbagaria, joshnewman, rhuang, smahadevan, mfoster Maniphest Tasks: T29527 Differential Revision: https://phabricator.grailbio.com/D39771 fbshipit-source-id: 335e2a8
Summary: blacklist must be a tsv containing columns: chr, pos, blacklist When using the --blacklist parameter, drop snps if their blacklist column contains TRUE. Ref T24754 Test Plan: Added unit test Reviewers: edamato, psingh Reviewed By: psingh Subscribers: smahadevan Maniphest Tasks: T24698, T24754 Differential Revision: https://phabricator.grailbio.com/D40257 fbshipit-source-id: 24b7f69
Summary: Upgrade AWS Go SDK version to v1.23.22 (primarily to make OSS and Grail Reflow versions compatible with each other) - Fix tests and code which otherwise breaks in the new version, specifically in the following files: `go/src/github.com/grailbio/base/file/s3file/s3file.go` `go/src/github.com/grailbio/reflow/blob/s3blob/s3blob.go` `go/src/github.com/grailbio/reflow/blob/s3blob/s3blob_test.go` - Regenerated mocks under SCRMS Test Plan: Unit tests Reviewers: pgopal, O3 third-party, O15 scrms, psteed, bbentson Reviewed By: pgopal, O3 third-party, O15 scrms, psteed, bbentson Subscribers: jcharumilind, dnicolaou, sbagaria Differential Revision: https://phabricator.grailbio.com/D40307 fbshipit-source-id: 596089e
…mentations
Summary:
Refactor the convenience methods in admit package in the following way:
- `admit.Do` takes a `func () (bool, error)` where the `bool` is the direct feedback to the policy's `Release()` method.
- `admit.Retry` takes a `func () (CapacityStatus, error)` where the `CapacityStatus` is one of `{Within, OverNeedRetry, OverNoRetry}` and gives feedback to both the policy's `Release()` method and on how the `admit.Retry` method should behave w.r.t retries.
Test Plan: Unit tests.
Reviewers: jcharumilind
Reviewed By: jcharumilind
Subscribers: pgopal, dnicolaou
Tags: PHID-PROJ-dtbui7u2vg2f25wzkosc
Maniphest Tasks: T30447
Differential Revision: https://phabricator.grailbio.com/D40009
fbshipit-source-id: d8a3170
Summary: Implement an AIMD-based controller as described in: https://docs.google.com/document/d/1Nl3UyQXTRusXDu8tIt_s9N6JxXu1vhuKeBYssyaKcGU Test Plan: Unit tests. Reviewers: jcharumilind Reviewed By: jcharumilind Subscribers: pgopal, dnicolaou Tags: PHID-PROJ-dtbui7u2vg2f25wzkosc Maniphest Tasks: T30447 Differential Revision: https://phabricator.grailbio.com/D40054 fbshipit-source-id: 2aee1ca
Summary: Instead of using the AWS SDK method `IsErrorRetryable` for AWS errors use it for all errors and fix the only test case which should be using AWS error types anyway. Test Plan: Unit tests Reviewers: jcharumilind Reviewed By: jcharumilind Subscribers: joshnewman Maniphest Tasks: T30700 Differential Revision: https://phabricator.grailbio.com/D40391 fbshipit-source-id: d9440ee
Summary: Since the move to AWS Go SDK v1.23.22, many of S3 transient errors are being considered as non-retryable which has been causing problems for users of bigslice particularly. This change makes us consider all AWS errors of type `RequestError`, regardless of underlying cause, as retryable, except in the case of context errors. Test Plan: Unit tests Reviewers: jcharumilind Reviewed By: jcharumilind Subscribers: joshnewman Maniphest Tasks: T30700, T30832 Differential Revision: https://phabricator.grailbio.com/D40560 fbshipit-source-id: b9933f9
Summary: Uses fatbin's mechanism for appending zip files to the end of executables. It's an alternative to [go_embed_data](https://github.com/bazelbuild/rules_go/blob/3762b89ad8b1d71007a4a07b194a48d505613c15/go/extras.rst#id3), which we've used (D39858), but this is faster: go_embed_data took ~1-2 minutes to embed the deepmm binary package (Pytorch is large) in a Go binary (classifier-evaluation-deepmm) whereas embedbin only takes ~10 s, making the development and testing experience much nicer. Perhaps more importantly, go_embed_data generates a ~3 GiB .go source file, which causes things like Bazel coverage measurement to OOM, whereas embedbin does no such thing. I prototyped reusing fatbin's internals (instead of copying), but I ended up copying because 1) they're not too complicated, 2) I think it's a good idea for embedbin binaries to use different magic because they're not interchangeable with fatbin binaries, 3) code and API reuse isn't too significant given that fatbins unify handling of the base executable and alternatives, whereas those are conceptually distinct in embedbin. Test Plan: Unit test suite adapted from fatbin's, as well as an end-to-end Bazel test that runs the gofat tool to embed files, then checks that the files are correctly embedded. This coverage would probably be useful in the Github version, but I don't know how to run it since the Github version does not use Bazel, so for now I've added this end-to-end test internally. Reviewers: jcharumilind Reviewed By: jcharumilind Subscribers: jschellenberger, aeiser, sbagaria, bbentson, skrishnamurthy, mmaher, smahadevan Maniphest Tasks: T30452 Differential Revision: https://phabricator.grailbio.com/D40476 fbshipit-source-id: 69b2103
Add the `eventlog` package which provides semi-structured event logging for convenient analytics. Example usage:
```
sess := session.NewSession()
cw := cloudwatchlogs.New(sess)
e := NewCloudWatchEventer(cw, "myLogGroup", "myLogStream")
e.Event("rpcRetry", "org", "GRAIL", "retry", 0, "maxRetry", 10)
e.Event("machineStopped", "addr", "192.168.1.1", "duration", 3600.0, "startTime": 1584140534)
```
These events will then be available in CloudWatch Logs (and therefore easily made available in Athena) for analysis.
Summary: Allow grail-ticket to exec a command with the aws environment flags Test Plan: n/a Reviewers: #shared_infrastructure, joshnewman, aeiser Reviewed By: #shared_infrastructure, aeiser Subscribers: smahadevan Differential Revision: https://phabricator.grailbio.com/D41635 fbshipit-source-id: 087dcd2
See grailbio#14 (comment) for context.
Co-authored-by: Alex Wissmann <awissmann@grailbio.com>
Summary: I'd like to make some changes to grail-access. I've wondered for a long time why it deletes an existing Vanadium principal before it starts an authentication flow instead of just updating the blessing. I partly think it's inelegant, but I've also seen multiple problems in #eng-help that were caused or exacerbated by running grail-access, canceling it, and not realizing that destroys the credentials. After a bit of code inspection recently, I think grail-access has quite a bit of historical cruft in its code (handling of the principal and its blessings is disorganized and redundant), and I think the patches to work around agent errors could be fixed in a more principled way. However, since we use it a lot and I'm learning as I go along, my first step is to introduce some tests. These all invoke grail-access as if from a shell and check its behavior and output to ensure user-visible behavior is unchanged. The connection of this to my actual work is rather distant: I am hoping this fixes a grail-fuse issue which will make it easier to do non-Go analysis work and otherwise streamline some dev environment tasks and then I'll be so much more productive (ha). I think it's worth giving grail-access some attention, since it is almost in its initial prototype state from three years ago, but it might just take some time, and I understand if it takes time to review. Test Plan: Tests the EC2 blesser. I don't know how to reasonably fake the Google oauth2 server, but that's also the more reasonable flow to test manually, so we may need to just rely on that. Tests pass with both Bazel and `go test`. Reviewers: aeiser Reviewed By: aeiser Subscribers: smahadevan, krestivo, afields, sbagaria Differential Revision: https://phabricator.grailbio.com/D44965 fbshipit-source-id: e2ff93d
Summary: Mitch pointed me to some helpful references and I assembled a test for part of the Google authentication flow. I'm not bothering with anything browser-y, instead assuming the user used their browser to get a code (which is then ignored). While this test skips some of the flow, I think it's still useful, at least exercising the Vanadium bits. Test Plan: Yes. Reviewers: aeiser, mskinner Reviewed By: mskinner Subscribers: jcharumilind, smahadevan Differential Revision: https://phabricator.grailbio.com/D45052 fbshipit-source-id: bc48505
Summary: Allow the ticket-server email and group regex to have special characets like `-`, `_`,`+`, and `.`. NOTE: this is not a complete regex of all supported email characters. e.g. Uppercase is not included since Google lowercases all addresses. Closes T36541 Test Plan: Verified as part of D45302 Reviewers: #shared_infrastructure, ender, bbentson Reviewed By: #shared_infrastructure, bbentson Subscribers: smahadevan Maniphest Tasks: T36541 Differential Revision: https://phabricator.grailbio.com/D45350 fbshipit-source-id: 2047926
Summary: Add support to the ticket-server to sign SSH Certificates for easier access to systems that are managed by teams. Add new grail-ssh command to simplify the use of the SSH Certificates. Design doc: https://docs.google.com/document/d/1_pKjirMinqm8UykFqEm5bqAqnwLOsV3qazio0pjE80I/edit Test Plan: Tested locally and in staging Reviewers: treaster, #shared_infrastructure Reviewed By: treaster Subscribers: sbagaria, smahadevan, treaster Maniphest Tasks: T36722 Differential Revision: https://phabricator.grailbio.com/D41472 fbshipit-source-id: a6cdc49
Summary: [We've started encountering this error](https://grailbio.slack.com/archives/CRRJ02JCQ/p1590079383265300) during S3 throttling. Test Plan: Unit tests. Reviewers: jcharumilind, smahadevan Reviewed By: jcharumilind Subscribers: soheil, jschellenberger Differential Revision: https://phabricator.grailbio.com/D45625 fbshipit-source-id: 4a15ddf
Summary:
As mentioned in D44965, several people have asked in #eng-help about issues
with grail-access where deleting credentials before starting a new
authentication flow made things worse.
In the process, I've made some other improvements:
* Load principal with `agentlib` before calling `v23.Init`. This avoids some
potentially confusing conflicts where `v23.Init` starts an agent and locks
the principal so we can't load it.
* Respect `$V23_CREDENTIALS` is present. I think we should just delete our
`-dir` flag, but I want to preserve compatibility for now.
* General cleanup: code deduplication, consistent logging, consistent contexts.
Test Plan:
Existing unit tests (from D44965), run on macOS and Linux with both Bazel and go test.
Also, I wrote a test script for manually testing the Google flow and executed on macOS and Linux.
Output on Linux (with redactions):
$ cmd/grail-access/manual_google_test.bash
Instructions:
Running manual tests. If the script exits with a non-zero error code, the tests failed.
You'll also be prompted to review output manually. If it doesn't look right, the tests failed.
Using temporary directory for test: /tmp/tmp.PZSaBvnIrf
Building grail-access for the test...
Step 1/3: Starting grail-access Google authentication flow. Please complete it.
************************************************************************
2020/05/28 06:08:37 INFO: Couldn't load principal from ./v23. Creating new one...
I0528 06:08:37.176503 16864 google.go:67] listening: 127.0.0.1:35689
The attempt to automatically open a browser failed. Please open the following link:
https://accounts.google.com/o/oauth2/v2/auth?...
Paste the received code and then press enter: ...
Successfully applied new blessing:
Public key: 6c:c8:a6:22:01:83:b5:61:f4:0e:f9:f0:3c:ab:73:d8
---------------- BlessingStore ----------------
Default Blessings v23.grail.com:google:joshnewman@grailbio.com
Peer pattern Blessings
... v23.grail.com:google:joshnewman@grailbio.com
---------------- BlessingRoots ----------------
Public key Pattern
98:61:28:77:eb:5f:97:7f:2c:ef:4d:1b:f1:4d:fd:c0 [v23.grail.com]
Expires on 2020-06-04 06:08:45.544893802 +0000 UTC (in 168h0m0.002995278s)
************************************************************************
Done with authentication flow.
If it succeeded, you should lines like these above:
Default Blessings v23.grail.com:google:YOUR_USERNAME@grailbio.com
and
... v23.grail.com:google:YOUR_USERNAME@grailbio.com
and an expiration date in the future.
Continue with next test? [Y]
Step 2/3: Next, running the same flow, but automatically canceling.
************************************************************************
I0528 06:08:49.313507 16964 google.go:67] listening: 127.0.0.1:38975
The attempt to automatically open a browser failed. Please open the following link:
https://accounts.google.com/o/oauth2/v2/auth?...
Paste the received code and then press enter: ERROR: failed to fetch blessings: EOF
************************************************************************
Step 3/3: Finally, make sure our Step 1 credentials survived.
************************************************************************
Public key: 6c:c8:a6:22:01:83:b5:61:f4:0e:f9:f0:3c:ab:73:d8
---------------- BlessingStore ----------------
Default Blessings v23.grail.com:google:joshnewman@grailbio.com
Peer pattern Blessings
... v23.grail.com:google:joshnewman@grailbio.com
---------------- BlessingRoots ----------------
Public key Pattern
98:61:28:77:eb:5f:97:7f:2c:ef:4d:1b:f1:4d:fd:c0 [v23.grail.com]
Expires on 2020-06-04 06:08:45.544893802 +0000 UTC (in 167h59m56.20723528s)
************************************************************************
You should see the same blessing lines as in Step 1, and a consistent expiry time.
If not, the tests failed.
Cleaning up test directory: /tmp/tmp.PZSaBvnIrf
Reviewers: aeiser
Reviewed By: aeiser
Subscribers: jcharumilind, krestivo, smahadevan
Differential Revision: https://phabricator.grailbio.com/D45022
fbshipit-source-id: 76802df
…g and prepostdev) Test Plan: Check that the image is produced via webconsole (It was been produced) Reviewers: O34 Pre/Post, treaster, fdegiuli Reviewed By: O34 Pre/Post, treaster Subscribers: #lab_testing, smahadevan Differential Revision: https://phabricator.grailbio.com/D45662 fbshipit-source-id: a47a020
Summary: Remove terms and references that are based in racial segregation. REF: T37372 Test Plan: unit tests related to allow/deny Reviewers: bbentson, skrishnamurthy, ender Reviewed By: skrishnamurthy Subscribers: smahadevan Maniphest Tasks: T37372 Differential Revision: https://phabricator.grailbio.com/D46020 fbshipit-source-id: ca05c4c
Summary: We want one image with both grail-access and grail-ticket so dumping grail-access binary into grail-ticket image. Test Plan: apply it to the trs server. ``` ******************************************************* * WARNING: $V23_CREDENTIALS is not defined! * ******************************************************* How to fix this in bash: export V23_CREDENTIALS=/root/.v23 2020/06/11 17:39:01 INFO: Couldn't load principal from /root/.v23. Creating new one... ERROR: failed to fetch blessings: grail-access:<rpc.Client>"/ticket-server.eng.grail.com:8102/blesser/ec2".BlessEc2: Error: launch time is too old: 2020-06-05 17:32:11 +0000 UTC should be within 1h0m0s ``` Returns the proper failure mode Reviewers: fdegiuli, treaster Reviewed By: fdegiuli Subscribers: smahadevan Differential Revision: https://phabricator.grailbio.com/D46068 fbshipit-source-id: 117bea8
Summary: It accumulated many types and functions over the years and they were sometimes interleaved in ways that didn't promote readability. I've split out a few files mostly centered around particular operations. This should be a pure refactoring. Almost all changes are just moving things between files, with a few documentation changes and converting an unexported function to a method (with a receiver). I expect no behavior changes. Test Plan: Existing builds and tests. The test code was smaller and I didn't refactor it. Reviewers: jcharumilind Reviewed By: jcharumilind Subscribers: smahadevan Differential Revision: https://phabricator.grailbio.com/D46285 fbshipit-source-id: 53ac2a7
Summary:
I considered doing more sophisticated things (Cloudwatch, Prometheus push,
etc.), but I don't think it's clear yet how we want to use these (and how long
they'll stick around), so simple counting and logging seems like the best
short-term approach. It'll be easy to revert and replace later, or extend to
cover more S3 request types.
Test Plan:
Ran an S3-heavy program and observed logging like
2020/06/22 23:40:07 s3file metrics: op:stat n:996 r:996/0/0/0 t:0/0/864/132/0/0/0 mib:0 [/min]
2020/06/22 23:40:07 s3file metrics: op:read n:181692 r:3462/0/0/0 t:172248/5850/2562/1032/0/0/0 mib:10154 [/min]
2020/06/22 23:40:17 s3file metrics: op:read n:13458 r:0/0/0/0 t:3234/10182/42/0/0/0/0 mib:13458 [/min]
2020/06/22 23:40:27 s3file metrics: op:read n:13422 r:0/0/0/0 t:2442/10932/42/0/0/0/0 mib:13416 [/min]
Reviewers: jcharumilind
Reviewed By: jcharumilind
Subscribers: smahadevan, jschellenberger
Differential Revision: https://phabricator.grailbio.com/D46329
fbshipit-source-id: f0ed231
Summary: Experiments suggest this greatly reduces S3 request rate for sequential access patterns. Test Plan: Read fragments files (which go through recordio magic checking, etc.) using a few programs. New simple unit tests as well as more extensive randomized operation generation and comparison to `bytes.Buffer` (as a golden reference). File reading benchmarks (that are quick and run on SSD, not S3, and thus are unaffected by the original issue) are unchanged, which is good. Reviewers: jcharumilind Reviewed By: jcharumilind Subscribers: smahadevan, jschellenberger Differential Revision: https://phabricator.grailbio.com/D46330 fbshipit-source-id: 2acf8f3
…ounts to be validated as ticket-server users Summary: Allow the ticket-server to support multiple google domains when performing user verification and blessing. Allow the ticket-server to support multiple google domains when performing google group lookups Correct incorrect regex that did not escape special characters `.\([`. FIXES T37864 Test Plan: Run local ticket-server Perform several calls to create a user, and use tickets ``` GB-C02YR4M9LVCG:sandbox.grail aeiser$ grail-access -blesser-google=/@6@wsh@:9002@@35741be6d925abac81c7878ff24e7dfa@s@v23.grail.com@@/blesser/google I0618 22:23:21.863538 40060 google.go:67] listening: 127.0.0.1:53322 Opening "https://accounts.google.com/o/oauth2/v2/auth?access_type=online&client_id=27162366543-edih9cqc3t8p5hn9ord1k1n7h4oajfhm.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A53322&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&state=3f9d3f4f2bec9c70f6c7bd371593e0b1"... Successfully applied new blessing: Public key: cc:e5:97:7d:a8:f9:19:b1:fe:60:7d:5d:b3:98:29:26 ---------------- BlessingStore ---------------- Default Blessings v23.grail.com:google:aeiser@contractors.grail.com Peer pattern Blessings ... v23.grail.com:google:aeiser@contractors.grail.com ---------------- BlessingRoots ---------------- Public key Pattern 98:61:28:77:eb:5f:97:7f:2c:ef:4d:1b:f1:4d:fd:c0 [v23.grail.com] Expires on 2020-06-25 22:24:42.691220945 -0700 PDT (in 167h59m59.981234945s) ``` ``` GB-C02YR4M9LVCG:sandbox.grail aeiser$ grail-access -blesser-google=/@6@wsh@:9002@@35741be6d925abac81c7878ff24e7dfa@s@v23.grail.com@@/blesser/google I0618 22:24:50.558327 40198 google.go:67] listening: 127.0.0.1:53714 Opening "https://accounts.google.com/o/oauth2/v2/auth?access_type=online&client_id=27162366543-edih9cqc3t8p5hn9ord1k1n7h4oajfhm.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A53714&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&state=c09ce502d5980d70a84d227579c9b209"... ERROR: failed to fetch blessings: grail-access:<rpc.Client>"/@6@wsh@:9002@@35741be6d925abac81c7878ff24e7dfa@s@v23.grail.com@@/blesser/google".BlessGoogle: Error: ID token has a wrong hosted domain: got "sandbox.grail.com", want "grailbio.com,contractors.grail.com" ``` ``` GB-C02YR4M9LVCG:sandbox.grail aeiser$ grail-access -blesser-google=/@6@wsh@:9002@@35741be6d925abac81c7878ff24e7dfa@s@v23.grail.com@@/blesser/google I0618 22:24:58.766576 40203 google.go:67] listening: 127.0.0.1:53723 Opening "https://accounts.google.com/o/oauth2/v2/auth?access_type=online&client_id=27162366543-edih9cqc3t8p5hn9ord1k1n7h4oajfhm.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A53723&response_type=code&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&state=a34a4e69355f5f0a77e20c5d2df46722"... Successfully applied new blessing: Public key: cc:e5:97:7d:a8:f9:19:b1:fe:60:7d:5d:b3:98:29:26 ---------------- BlessingStore ---------------- Default Blessings v23.grail.com:google:aeiser@grailbio.com Peer pattern Blessings ... v23.grail.com:google:aeiser@grailbio.com ---------------- BlessingRoots ---------------- Public key Pattern 98:61:28:77:eb:5f:97:7f:2c:ef:4d:1b:f1:4d:fd:c0 [v23.grail.com] Expires on 2020-06-25 22:25:02.026613997 -0700 PDT (in 167h59m59.992090997s) ``` Before aeiser@contractors.grail.com added to eng/dev ``` GB-C02YR4M9LVCG:sandbox.grail aeiser$ grail-access -blesser-google=/@6@wsh@:9002@@f085cdc756039daeccdb46a54cb2ac2a@s@v23.grail.com@@/blesser/google Successfully applied new blessing: Public key: cc:e5:97:7d:a8:f9:19:b1:fe:60:7d:5d:b3:98:29:26 ---------------- BlessingStore ---------------- Default Blessings v23.grail.com:google:aeiser@contractors.grail.com Peer pattern Blessings ... v23.grail.com:google:aeiser@contractors.grail.com ---------------- BlessingRoots ---------------- Public key Pattern 98:61:28:77:eb:5f:97:7f:2c:ef:4d:1b:f1:4d:fd:c0 [v23.grail.com] Expires on 2020-06-25 22:41:20.033580147 -0700 PDT (in 167h59m59.993922147s) GB-C02YR4M9LVCG:sandbox.grail aeiser$ grail-aws //@6@wsh@:9002@@f085cdc756039daeccdb46a54cb2ac2a@s@v23.grail.com@@/eng/dev/admin no subcommand specified, inferring 'credentials' based on other args E0618 22:41:33.777187 40932 conncache.go:319] Failed to resolve (wsh, :9002): lookup : no such host ticket-server:"eng/dev/admin".Get: Access denied: ticket-server:"eng/dev/admin".Get: not authorized to call eng/dev/admin.Get: ticket-server:"eng/dev/admin".Get: [v23.grail.com:google:aeiser@contractors.grail.com] does not have Read access (rejected blessings: []) ``` After adding to eng/dev ``` GB-C02YR4M9LVCG:sandbox.grail aeiser$ grail-aws /@6@wsh@:9002@@e10baa5fa1ae90e431e077e2ab7531af@s@v23.grail.com@@/eng/dev/admin no subcommand specified, inferring 'credentials' based on other args E0618 22:34:08.812232 40729 conncache.go:319] Failed to resolve (wsh, :9002): lookup : no such host export AWS_ACCESS_KEY_ID=ASIAZAUXVPWNLVEPKWOU export AWS_SECRET_ACCESS_KEY=XXXX export AWS_SESSION_TOKEN=YYYY ``` Reviewers: #shared_infrastructure, btoledo Reviewed By: #shared_infrastructure, btoledo Subscribers: joshnewman, contractor-aeiser, btoledo, smahadevan Maniphest Tasks: T37864 Differential Revision: https://phabricator.grailbio.com/D46325 fbshipit-source-id: c6a773e
…grailbio/grail!5101) Approved-by: Christopher Chang <cchang@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5101 fbshipit-source-id: 112ab8b
…il!3430) Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/3430 fbshipit-source-id: e0ee2e4
Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5469 fbshipit-source-id: 5c2f1ef
Approved-by: Christopher Chang <cchang@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5100 fbshipit-source-id: 1523c50
…5644) Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5644 fbshipit-source-id: 3714730
…rail!5098) Co-authored-by: Christopher Chang <cchang@grailbio.com> Approved-by: Christopher Chang <cchang@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5098 fbshipit-source-id: e1fc1ed
Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5722 fbshipit-source-id: 2f01886
Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5866 fbshipit-source-id: 3f4a796
Co-authored-by: Josh Newman <joshnewman@grailbio.com> Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5897 fbshipit-source-id: f19b211
Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5899 fbshipit-source-id: dd3719a
…o/grail!5794) Co-authored-by: Jaran Charumilind <jcharumilind@grailbio.com> Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5794 fbshipit-source-id: 6c686eb
Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/6163 fbshipit-source-id: 4c25ea9
Co-authored-by: Jaran Charumilind <jcharumilind@grailbio.com> Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5967 fbshipit-source-id: a19dae1
Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/6167 fbshipit-source-id: 07a34a9
…!5927) Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5927 fbshipit-source-id: c40a2d7
…io/grail!6060) Co-authored-by: Jaran Charumilind <jcharumilind@grailbio.com> Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/6060 fbshipit-source-id: b741254
…l!5795) Co-authored-by: Jaran Charumilind <jcharumilind@grailbio.com> Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/5795 fbshipit-source-id: 15d07a8
…l!6345) Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/6345 fbshipit-source-id: eab9877
…408) Approved-by: Jaran Charumilind <jcharumilind@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/6408 fbshipit-source-id: 89dee01
…ail!6567) Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/6567 fbshipit-source-id: 445a39e
…essings (grailbio/grail!6716) Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/6716 fbshipit-source-id: 79670c1
Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/7791 fbshipit-source-id: 5a1ec56
…rail!7904) Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/7904 fbshipit-source-id: ba2a4b6
Approved-by: Josh Newman <joshnewman@grailbio.com> GitLab URL: https://gitlab.com/grailbio/grail/-/merge_requests/7906 fbshipit-source-id: f9915ad
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.