[users at bb.net] Trying out modern buildbot finally...
Dan Kegel
dank at kegel.com
Mon May 14 05:55:14 UTC 2018
I've been running with an ancient buildbot for some time,
but in honor of the ubuntu 18.04 packaging, I'm giving
the modern stuff a whirl.
I tried locking down the UI to hide it from unauthenticated users, but
show it to gitlab users, as follows:
authz = util.Authz(
allowRules=[
util.AnyControlEndpointMatcher(role="platform"),
util.AnyEndpointMatcher(role="snorglepuss-does-not-exist",
defaultDeny=True),
],
roleMatchers=[
util.RolesFromGroups()
]
)
c['www'] = dict(port=8010,
auth=util.GitLabAuth("https://gitlab.example.com",
"foo", "bar"),
authz=authz,
change_hook_dialects=dict(
gitlab={
'secret': 'sssssh',
},
),
plugins=dict(waterfall_view={}, console_view={}, grid_view={}))
That does deny access to most things for anonymous users, except:
- as noted in the doc, some pages don't quite handle authentication
failures gracefully (that's ok)
- still shows 'About' and 'Settings' data
- still shows front page (should instead prompt for login?)
Worse, it must be a misconfiguration on my part, as logging in then doesn't
actually show anything :-)
Removing the AnyEndpointMatcher from allowRules lets logged in users see
what they should (but also lets non-logged-in users see builds).
Thanks!
- Dan
More information about the users
mailing list