# HG changeset patch # User John W. Eaton # Date 1591382925 0 # Node ID 0755c33a0f993b089f31af1155ce679d5af956fb # Parent e7bc00398e25cfdd08690ffa04985b9a399d9a9a disable force schedulers diff -r e7bc00398e25 -r 0755c33a0f99 master.cfg --- a/master.cfg Sat May 30 16:57:14 2020 +0200 +++ b/master.cfg Fri Jun 05 18:48:45 2020 +0000 @@ -151,14 +151,20 @@ treeStableTimer = 5*60, builderNames = all_default_octave_builders)) -c["schedulers"].append (ForceScheduler (name = "force_default_octave", builderNames = all_default_octave_builders)) +### DISABLED because there doesn't seem to be a way to limit this +### action to users logged in to the web interface; instead, forcing +### builds is allowed for anyone. WTF!?! +### c["schedulers"].append (ForceScheduler (name = "force_default_octave", builderNames = all_default_octave_builders)) c["schedulers"].append (SingleBranchScheduler (name = "stable octave", change_filter = octave_stable_filter, treeStableTimer = 5*60, builderNames = all_stable_octave_builders)) -c["schedulers"].append (ForceScheduler (name = "force_stable_octave", builderNames = all_stable_octave_builders)) +### DISABLED because there doesn't seem to be a way to limit this +### action to users logged in to the web interface; instead, forcing +### builds is allowed for anyone. WTF!?! +### c["schedulers"].append (ForceScheduler (name = "force_stable_octave", builderNames = all_stable_octave_builders)) ## Here, branch is the mxe-octave branch. c["schedulers"].append (timed.Nightly (name = "periodic mxe-octave-w32", @@ -237,7 +243,10 @@ builderNames = ["mxe-native-all-on-debian"], hour = 18)) -c["schedulers"].append (ForceScheduler (name = "force_mxe_octave", builderNames = all_mxe_octave_builders)) +### DISABLED because there doesn't seem to be a way to limit this +### action to users logged in to the web interface; instead, forcing +### builds is allowed for anyone. WTF!?! +### c["schedulers"].append (ForceScheduler (name = "force_mxe_octave", builderNames = all_mxe_octave_builders)) ## BUILDERS @@ -858,7 +867,6 @@ c['www'] = { "port" : 8010, - "auth" : util.UserPasswordAuth (octave_buildbot_config.master_id_and_pass), "plugins" : { "waterfall_view" : True } } @@ -867,6 +875,31 @@ "Waterfall.lazy_limit_waterfall": 400 } +### HOW TF is this supposed to work to limit access to things like forcing or +### stopping builds through the web interface. Nothing seems to limit the +### force actions to users who are logged in. WTF!?! +## authz = util.Authz ( +## stringsMatcher = util.fnmatchStrMatcher, +## allowRules = [ +## util.AnyEndpointMatcher (role = "admins", defaultDeny = False), +## # admins can do anything, +## # defaultDeny = False: if user does not have the admin role, we continue parsing rules +## util.StopBuildEndpointMatcher (role = "admins"), +## util.ForceBuildEndpointMatcher (role = "admins"), +## # if future Buildbot implement new control, we are safe with this last rule +## util.AnyControlEndpointMatcher (role = "admins") +## ], +## roleMatchers = [ +## # role owner is granted when property owner matches the email of the user +## util.RolesFromOwner (role = "owner") +## ] +## ) + +auth = util.UserPasswordAuth (octave_buildbot_config.master_id_and_pass) + +c['www']['auth'] = auth +## c['www']['authz'] = authz + ## DB URL ## This specifies what database buildbot uses to store its state. You