[Buildbot-devel] Authentication of http based communication

Ben Hearsum bhearsum at mozilla.com
Tue May 4 18:11:38 UTC 2010



On 10-05-04 2:06 PM, exarkun at twistedmatrix.com wrote:
> On 05:38 pm, bhearsum at mozilla.com wrote:
>> I would bet that most people that want authentication on WebStatus would
>> benefit by putting it behind an httpd proxy, and having that do the
>> auth. No need for Buildbot to re-implement all of that stuff, IMHO.
>
> This makes things a lot harder than they need to be. First, now you need
> another http server. To actually work, it needs to know about all of
> buildbot's URLs. You have to update it every time you update buildbot
> and any of the URL structure changes (ie, a new capability is added at a
> new URL and needs to be restricted). For proper logging to work,
> buildbot would still need to be extended to recognize some auth header
> passed along from the proxy, or you're forced to try to re- combine logs
> from the two different servers.

I don't think any of those minor inconviences outweigh the benefits and 
simplicity gains in Buildbot.

> Not that I expect anyone to go and implement proper authentication in
> buildbot for me, but it'd be nice if people didn't kid themselves into
> believing that using a proxy is necessarily (or even probably) a better
> solution.

I think it is entirely out of scope for Buildbot to perform any sort of 
authentication. Time spent writing and maintaining authentication and 
access control for WebStatus is time not spent working on Buildbot's 
most important job.

Maybe a good middle ground would be start shipping sensible 
apache/whatever configs or otherwise make them available?




More information about the devel mailing list