Skip to content

Generate service accounts when registering scanner webhooks #24325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
willdurand merged 3 commits into from
Jan 20, 2026
Merged

Generate service accounts when registering scanner webhooks #24325

willdurand merged 3 commits into from
Jan 20, 2026
+260 −1

Conversation

@willdurand
Copy link
Member

@willdurand willdurand commented Jan 14, 2026

Fixes mozilla/addons#15944

While this creates a service account automatically (with JWT/AMO API
keys), configuring the groups/permissions remains a manual process
because every service is going to be different.

@willdurand willdurand force-pushed the service-account branch 2 times, most recently from 5a546a6 to a2da4eb Compare January 14, 2026 15:39
willdurand
willdurand commented Jan 14, 2026
View reviewed changes
@willdurand willdurand marked this pull request as ready for review January 14, 2026 15:42
@willdurand willdurand requested a review from diox January 14, 2026 17:36
diox
diox reviewed Jan 19, 2026
View reviewed changes
diox
diox requested changes Jan 19, 2026
View reviewed changes
src/olympia/scanners/models.py
@@ -256,6 +257,21 @@ class ScannerWebhook(ModelBase):
class Meta:
db_table = 'scanners_webhooks'

def save(self, *args, **kwargs):
UserProfile.objects.get_or_create_service_account(
Copy link
Member

@diox diox Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also automatically delete it if the ScannerWebhook gets deleted ?

Copy link
Member Author

@willdurand willdurand Jan 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good question. I didn't link scanner webhooks with UserProfile precisely to not have to delete the accounts when the ScannerWebhook is deleted but I am wondering if this is good. Though, my approach to this would be to keep things simple for now, and iterate.

@willdurand willdurand requested a review from diox January 20, 2026 13:11
@willdurand
Copy link
Member Author

willdurand commented Jan 20, 2026

Updated!

@willdurand willdurand merged commit 5bcbd03 into master Jan 20, 2026
46 checks passed
@willdurand willdurand deleted the service-account branch January 20, 2026 19:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@diox diox diox approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Task]: Create service accounts for the scanner pipeline

3 participants

@willdurand @diox