supply authentication to zuul's gerrit baseurl
Bug #1194992 reported by
John Dewey
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Zuul |
In Progress
|
Undecided
|
Zang MingJie | ||
Bug Description
We don't want to allow anonymous r/o access to our repos. To disable this,
we disabled the Anonynous user from refs/*. However, when doing this, prevents zuul from connecting to gerrit anonymously.
[gerrit]
baseurl=http://
server=127.0.0.1
user=jenkins
sshkey=
Was hoping we could allow user/pass options, so zuul can construct an authenticated URL to query gerrit.
| description: | updated |
Revision history for this message
| Jeremy Stanley (fungi) wrote | #1 |
Revision history for this message
| John Dewey (retr0h) wrote | #2 |
| Changed in zuul: | |
| status: | New → In Progress |
| assignee: | nobody → Zang MingJie (zealot0630) |
Revision history for this message
| Zang MingJie (zealot0630) wrote | #3 |
Revision history for this message
| Gene Snider (gene-4) wrote | #4 |
Revision history for this message
| Xiaofei.Wang (wangxf-s) wrote | #5 |
Revision history for this message
| Xiaofei.Wang (wangxf-s) wrote | #6 |
To post a comment you must log in.
It's worth noting that plaintext HTTP will potentially leak your credentials for this. HTTPS with proper certificate validation or possibly Gerrit's SSH interface could provide a secure transport for this sort of feature enhancement. Since Zuul already needs to be able to connect to Gerrit's SSH interface to read the event stream, perhaps much of the needed key management logic is already in place for that?