supply authentication to zuul's gerrit baseurl
Bug #1194992 reported by
John Dewey
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zuul |
In Progress
|
Undecided
|
Zang MingJie |
Bug Description
We don't want to allow anonymous r/o access to our repos. To disable this,
we disabled the Anonynous user from refs/*. However, when doing this, prevents zuul from connecting to gerrit anonymously.
[gerrit]
baseurl=http://
server=127.0.0.1
user=jenkins
sshkey=
Was hoping we could allow user/pass options, so zuul can construct an authenticated URL to query gerrit.
description: | updated |
Changed in zuul: | |
status: | New → In Progress |
assignee: | nobody → Zang MingJie (zealot0630) |
To post a comment you must log in.
It's worth noting that plaintext HTTP will potentially leak your credentials for this. HTTPS with proper certificate validation or possibly Gerrit's SSH interface could provide a secure transport for this sort of feature enhancement. Since Zuul already needs to be able to connect to Gerrit's SSH interface to read the event stream, perhaps much of the needed key management logic is already in place for that?