Ticket #200 (closed enhancement: fixed)

Opened 5 years ago

Last modified 3 years ago

Provide HTTP auth around build buttons

Reported by: zandr Owned by:
Priority: major Milestone: 0.8.0
Version: 0.7.6 Keywords:
Cc:

Description

Allmydata.com runs several Buildbot instances for various projects, both internal and external. In many cases we have slaves providing builds for community projects, and we have community provided slaves building our projects.

As such, there's some tension between contributors being able to invoke builds, and desire to keep malicious bots from DoSing? our slaves. (Not that this has happened yet)

An obvious solution would be to wrap the build button with http basic auth, and automatically populate that table with the buildslave logins. Thus running a slave gives you permission to make it do work. I'm not terribly concerned about making things more granular than that (such that you can only make *your* slave run), at least not yet.

I'll be implementing this manually for Allmydata next week, but it seems like it would be simple and valuable to add some of this to Buildbot itself.

Change History

comment:1 Changed 4 years ago by dustin

  • Milestone changed from undecided to 0.7.+

See also #252, preventing googlebot et al. from triggering builds

comment:2 Changed 3 years ago by dustin

  • Status changed from new to closed
  • Resolution set to fixed
  • Milestone changed from 0.8.+ to 0.8.0

This got implemented in 0.8.0 - see the Authentication and authorization framework.

Note: See TracTickets for help on using tickets.