[users at bb.net] [devel at bb.net] Authentication method for Try Builds
Pierre Tardy
tardyp at gmail.com
Fri Jan 5 11:13:09 UTC 2018
Hi Sergio,
Your LdapAuth looks useful! would you like to contribute it? I think it
hasn't been done yet because people are using oauth2 or the apache ldap
plugin.
The implementation you shown uses ldap synchronous library. We try to avoid
calling synchronous IO libraries from the main reactor thread. So we would
have to modify your implementation lightly to call ldap from a thread with
http://twistedmatrix.com/documents/current/api/twisted.internet.threads.deferToThread.html
As per the try scheduler it will be a little bit more complicated to
implement as the authentication for try scheduler is common with the
authentication for worker due to implementation details with the
perspective broker protocol.
Try scheduler is however mostly replaceable by the forcescheduler. Then you
can run them from commandline using the REST api, and a more or less custom
script. Did you consider this option?
Pierre
On Fri, Jan 5, 2018 at 9:46 AM Sergio Borghese <s.borghese at netresults.it>
wrote:
> Hi All,
>
> I was wondering if there is a way (a *workaround* really) to configure a
> try build scheduler using an external authentication class, similar to what
> you can do with the buildbot web view where you can configure an external
> authentication class that inherits from *util.CustomAuth*
> The current *Try_UserPass* method has the disadvantage or requesting to
> manage user's credentials in the buildbot configuration itself, that is a
> solution that does not scale very well.
> On the other side: is there a reason (technical I mean) why the same
> CustomAuth mechanics has not been implemented in the try scheduler? Could
> it be possible to extend the try scheduler to support such type of
> authentication?
>
> Just out of curiosity, here how I integrated the buildbot web view
> authentication with our Domain Server:
>
> 95 import ldap
> 96 class TestLdapAuth(util.CustomAuth):
> 97 def check_credentials(self, user, password):
> 98 conn = ldap.initialize('ldap://<my_domain_server_ip_address>')
> 99 conn.protocol_version=3
> 100 conn.set_option(ldap.OPT_REFERRALS, 0)
> 101 try:
> 102 conn.simple_bind_s(user, password)
> 103 conn.unbind_s()
> 104 return True
> 105 except ldap.LDAPError:
> 106 print 'ldap bind failed'
> 107 return False
> 108
> 109 # minimalistic config to activate new web UI
> 110 c['www'] = dict(port=8088,
> 111 plugins=dict(waterfall_view={}, console_view={},
> grid_view={}),
> 112 auth=TestLdapAuth())
> 113
>
> now all the developers (that have their user/passwd recorded on the
> company domain server) can authenticate to the buildbot nine webpage
> without the need for a separate set of credentials.
>
> Best Regards
> Sergio
>
> --
> Sergio Borghese
> Senior Software Engineer
> NetResults S.r.l.
> Via Agostino Bassi 5, 56121 Ospedaletto (Pi), Italy
> Tel.: +39.050.316.3658 <+39%20050%20316%203658>
> web: www.netresults.it
> _______________________________________________
> devel mailing list
> devel at buildbot.net
> https://lists.buildbot.net/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildbot.net/pipermail/users/attachments/20180105/a389f768/attachment.html>
More information about the users
mailing list