[Buildbot-commits] [Buildbot] #1748: Allow obfuscating passwords, etc. on the master
Buildbot trac
trac at buildbot.net
Sun Jun 30 21:45:49 UTC 2013
#1748: Allow obfuscating passwords, etc. on the master
------------------------+--------------------
Reporter: GreYFoX | Owner:
Type: enhancement | Status: new
Priority: minor | Milestone: 0.8.+
Version: 0.8.3 | Resolution:
Keywords: sprint |
------------------------+--------------------
Comment (by rutsky):
I made proof-of-concept implementation of commands arguments obfuscation,
see latest commits in this branch:
https://github.com/vrutsky/buildbot/commits/POC_obfuscate_slave_side
[https://github.com/vrutsky/buildbot/commit/b86a06bd3b219abd084f6a3bcfb9995ce49cce4d
first commit] disables flattening of command line arguments and handle
two-item tuple arguments as (real, fake) arguments. Real part goes to
actual command, fake --- to logging. It can be used in following way:
{{{
f = BuildFactory()
f.addStep(ShellCommand(command=["echo", "arg1", ("p4ssw0rd", "********"),
"arg3"]))
}}}
[https://github.com/vrutsky/buildbot/commit/5cf56c8f8ed519385ff101654c7b4f98a90bb0f5
Second commit] adds support of password obfuscation in master-side svn
step.
This is just proof-of-concept because it doesn't contains tests (and
breaks current tests), it's not documented and because I think that this
isn't a proper way at all --- such logic should be done on master-side.
I propose following logic: always send all information to master from
buildslave (starting command, environment, logs), but in web-interface
show only required and allowed information. With this approach it will be
possible to implement access rights such as: usual user will see only
command output, and administrator will be able to see more detailed (and
possibly confidential) debug information.
Dustin, what do you think about this?
--
Ticket URL: <http://trac.buildbot.net/ticket/1748#comment:8>
Buildbot <http://buildbot.net/>
Buildbot: build/test automation
More information about the Commits
mailing list