Opened 8 years ago
Last modified 3 years ago
#52455 new enhancement
Buildbot: use GitHub authentication
| Reported by: | ryandesign (Ryan Carsten Schmidt) | Owned by: | admin@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | buildbot/mpbb | Version: | |
| Keywords: | buildbot | Cc: | neverpanic (Clemens Lang), mojca (Mojca Miklavec), raimue (Rainer Müller), larryv (Lawrence Velázquez), mkae (Marko Käning), mascguy (Christopher Nielsen) |
| Port: |
Description
Our Buildbot installation should allow developers to log in with their GitHub account, rather than maintaining a separate username and password.
Buildbot 0.8 has no built-in support for this. Buildbot 0.9 does but I don't want to upgrade to 0.9 at this time.
Buildbot 0.8 can be configured to trust the user information provided to it by a reverse proxy:
The MacPorts Buildbot currently runs WebStatus behind a simple nginx reverse proxy.
It was suggested on the Buildbot mailing list that we should try to use this:
https://github.com/bitly/oauth2_proxy
We would need to add a MacPorts port for it.
Change History (9)
comment:1 Changed 8 years ago by ryandesign (Ryan Carsten Schmidt)
comment:2 Changed 8 years ago by mkae (Marko Käning)
| Cc: | mkae added |
|---|
comment:3 Changed 8 years ago by mojca (Mojca Miklavec)
| Keywords: | buildbot added |
|---|
comment:4 Changed 7 years ago by neverpanic (Clemens Lang)
| Component: | server/hosting → buildbot/mpbb |
|---|
comment:5 Changed 4 years ago by ryandesign (Ryan Carsten Schmidt)
Replying to ryandesign:
Buildbot 0.8 has no built-in support for this. Buildbot 0.9 does but I don't want to upgrade to 0.9 at this time.
I'm working on trying out buildbot 2: #56044.
I have GitHub authentication working there. But for now I want to lock it down to only authorized users, and it turns out Buildbot's built-in authorization restrictions aren't that great, and it's still suggested to use oauth2-proxy with it for better security: https://github.com/buildbot/buildbot/issues/5433
It was suggested on the Buildbot mailing list that we should try to use this:
https://github.com/bitly/oauth2_proxy
We would need to add a MacPorts port for it.
This has been done: #60948
comment:6 follow-up: 7 Changed 4 years ago by neverpanic (Clemens Lang)
Note that that URL is outdated. The current upstream for oauth2_proxy is at https://github.com/oauth2-proxy/oauth2-proxy.
We are running multiple instances of oauth2_proxy on braeburn, for https://infra.macports.org/ and https://paste.macports.org/. Let me know if you need help configuring it.
comment:7 Changed 4 years ago by ryandesign (Ryan Carsten Schmidt)
Replying to neverpanic:
Note that that URL is outdated. The current upstream for oauth2_proxy is at https://github.com/oauth2-proxy/oauth2-proxy.
Right, we got the new version in the port.
We are running multiple instances of oauth2_proxy on braeburn, for https://infra.macports.org/ and https://paste.macports.org/. Let me know if you need help configuring it.
Too many configuration options. 😫 I'll look at it later.
comment:8 Changed 3 years ago by mascguy (Christopher Nielsen)
| Cc: | mascguy added |
|---|
comment:9 Changed 3 years ago by mascguy (Christopher Nielsen)
| Priority: | Low → Normal |
|---|
Has duplicate #52693.