[Buildbot-devel] Authentication of http based communication
Charles Lepple
clepple at gmail.com
Wed May 5 01:14:35 UTC 2010
On Tue, May 4, 2010 at 2:20 PM, Dustin J. Mitchell <dustin at zmanda.com> wrote:
> On Tue, May 4, 2010 at 1:11 PM, Ben Hearsum <bhearsum at mozilla.com> wrote:
>> I think it is entirely out of scope for Buildbot to perform any sort of
>> authentication. Time spent writing and maintaining authentication and
>> access control for WebStatus is time not spent working on Buildbot's
>> most important job.
>
> I hate to break it to y'all, but as of 0.8.0, Buildbot *has* a
> reasonable auth/authz framework. It doesn't use cookies or anything,
> but that could be added fairly easily.
At first glance, this sounds like it would let me do away with my
/public and /private URLs (proxied to two different WebStatus
listeners):
http://djmitche.github.com/buildbot/docs/latest/WebStatus-Configuration-Parameters.html#WebStatus-Configuration-Parameters
However, this page says to check for authorization before displaying
an optional feature:
http://djmitche.github.com/buildbot/docs/latest/Web-Authorization-Framework.html#Web-Authorization-Framework
If this is HTTP auth, doesn't that mean that anonymous/unprivileged
users will have to hit cancel on a few authentication dialogs as they
are browsing the status pages? (Assuming some features have been
designated "authentication required".)
--
- Charles Lepple
More information about the devel
mailing list