hudson pantheon_init job not running due to permissions

We can pass in credentials when requesting the job.

------Original Message------
From: Aaron Levy
Sender: <email address hidden>
To: David Strauss
ReplyTo: Bug 618795
Subject: [Bug 618795] [NEW] hudson pantheon_init job not running due topermissions
Sent: Aug 16, 2010 11:05

Public bug reported:

In /etc/rc.local we make a call to the hudson CLI to run the
pantheon_init job on first boot. However, now that we have enabled
access control in hudson, this job fails:

hudson.security.AccessDeniedException2: anonymous is missing the Build
permission

** Affects: pantheon
     Importance: Critical
         Status: Confirmed

--
hudson pantheon_init job not running due to permissions
https://bugs.launchpad.net/bugs/618795
You received this bug notification because you are a member of PANTHEON
Developers, which is subscribed to Pantheon.

This bug appears to be related to the following error I get when running the pantheon_init job from the hudson GUI:

Also, i'm getting this when running init.sh via husdon:

/usr/lib/python2.6/getpass.py:83: GetPassWarning: Can not control echo on the terminal.
  passwd = fallback_getpass(prompt, stream)
Warning: Password input may be echoed.
Password for pantheon@localhost: [pantheon@localhost] sudo: /etc/init.d/bcfg2-server stop
Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/fabric/main.py", line 419, in main
    commands[name](*args, **kwargs)
  File "/opt/pantheon/fabric/update.py", line 9, in update_pantheon
    sudo('/etc/init.d/bcfg2-server stop')
  File "/usr/lib/pymodules/python2.6/fabric/network.py", line 382, in host_prompting_wrapper
    return func(*args, **kwargs)
  File "/usr/lib/pymodules/python2.6/fabric/operations.py", line 515, in sudo
    channel = connections[env.host_string]._transport.open_session()
  File "/usr/lib/pymodules/python2.6/fabric/network.py", line 65, in __getitem__
    self[real_key] = connect(user, host, port)
  File "/usr/lib/pymodules/python2.6/fabric/network.py", line 211, in connect
    password = prompt_for_password(password, text)
  File "/usr/lib/pymodules/python2.6/fabric/network.py", line 271, in prompt_for_password
    new_password = getpass.getpass(password_prompt)
  File "/usr/lib/python2.6/getpass.py", line 83, in unix_getpass
    passwd = fallback_getpass(prompt, stream)
  File "/usr/lib/python2.6/getpass.py", line 118, in fallback_getpass
    return _raw_input(prompt, stream)
  File "/usr/lib/python2.6/getpass.py", line 135, in _raw_input
    raise EOFError
EOFError
Finished: FAILURE

The above issue is unrelated and has been fixed in 612. update.py was using sudo() rather than local() and this caused it to try and make an ssh connection.

The original issue is due to hudson closing a potential security hole (CLI commands didn't need user credentials).

http://hudson-labs.org/changelog

What's new in 1.371 (2010/08/09)
A security hole in CLI command implementations enable unauthorized users from executing commands. (SECURITY-5)