Kill ~/.ubuntu-ci
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu CI Engine | Fix Released | Medium | Para Siva |
Mthood | New | Undecided | Unassigned |
Bug Description
This will be fixed in three parts:
- Creating a component to upload files on behalf of the CLI, to remove the need for swift credentials on the client side. This is already done.
- Adding support to the CLI to talk to the gatekeeper component instead of uploading files by itself. This is in progress.
- Making ciairline.
Original report follows:
12:29 PM <ev> auth_user, auth_password, auth_region, auth_url, auth_tenant_name - these are specific to swift. Letting them leak out to the developers is dangerous, given that those same credentials could remove everything we've stored. Some other component should hold these and proxy requests to Swift when creating a new ticket.
12:30 PM <ev> ci_url - should default to airline.ubuntu.com (or whatever we call it) and be overridden by a command line parameter
The component proxying requests to swift or the ticket system should validate the signature of the upload and discard the data if it's not valid or does not match an approved list. This will help to prevent a malicious user from flooding swift.
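A sketch of the check described above, as an added example that is not code from uci-engine: the gatekeeper keeps the Swift credentials, and stores an upload only when the uploader is on the approved list and the signature verifies. HMAC-SHA256 with a per-uploader key stands in for whatever signature scheme the component would use; `Gatekeeper`, `sign_upload`, `APPROVED_UPLOADERS`, the size cap and the dict used in place of Swift are all assumptions.

```python
import hashlib
import hmac

# Constructed sample data: uploader IDs and keys are illustrative only.
APPROVED_UPLOADERS = {"dev-alice": b"constructed-key-alice"}
MAX_UPLOAD_BYTES = 1024  # small cap so the flooding check is easy to exercise


def _tag(key, filename, data):
    # Bind the signature to the file name as well as the content.
    message = filename.encode() + b"\0" + data
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def sign_upload(key, filename, data):
    """Client side: what the CLI sends instead of Swift credentials."""
    return _tag(key, filename, data)


class Gatekeeper:
    """Holds the Swift credentials server-side and proxies verified uploads."""

    def __init__(self, swift_credentials, approved, store):
        self._swift_credentials = swift_credentials  # never sent to the CLI
        self._approved = approved
        self._store = store  # assumption: a dict stands in for the Swift container

    def submit(self, uploader_id, filename, data, signature_hex):
        """Return (accepted, reason); data is stored only when accepted."""
        key = self._approved.get(uploader_id)
        if key is None:
            return False, "uploader not on approved list"
        if len(data) > MAX_UPLOAD_BYTES:
            return False, "upload too large"
        expected = _tag(key, filename, data)
        # Constant-time comparison; encode so arbitrary input cannot raise.
        if not hmac.compare_digest(expected.encode(), signature_hex.encode()):
            return False, "invalid signature"
        self._store[filename] = data  # real code would call Swift here
        return True, "stored"
```

Rejected uploads never reach the store, so an unapproved or tampered submission costs the backend nothing beyond the verification itself.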
description: updated
Changed in ubuntu-ci-services-itself:
milestone: backlog → phase-1
Changed in uci-engine:
importance: Undecided → Low
milestone: none → phase-1
description: updated
description: updated
Changed in uci-engine:
assignee: Celso Providelo (cprov) → Parameswaran Sivatharman (psivaa)
status: In Progress → Fix Committed
Changed in uci-engine:
status: Fix Committed → Fix Released
We'll also need to come up with a plan for how to securely get private images out of Swift. GPG sign the request in the case of the CLI, and sync to SSO in the case of the webui? The latter has the disadvantage of further binding us to LP unless we make the OpenID provider configurable at the charm level.