Merge autopkgtest-cloud:wip/private into autopkgtest-cloud:master
Status: | Rejected |
---|---|
Rejected by: | Iain Lane |
Proposed branch: | autopkgtest-cloud:wip/private |
Merge into: | autopkgtest-cloud:master |
Diff against target: |
159 lines (+60/-23) 3 files modified
webcontrol/browse.cgi (+12/-1) webcontrol/request/submit.py (+6/-0) worker/worker (+42/-22) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Iain Lane | Needs Resubmitting | ||
Steve Langasek | Pending | ||
Review via email: mp+365586@code.launchpad.net |
Description of the change
This is a WIP / RFC. Comments welcome from autopkgtest developers and potential users of this (security team?)
I've implemented some initial parts for running private jobs. If "private" is set to true in the parameters, then the following things will happen
- The test will be displayed in the running page (both queue and the log tail) as 'private'
- It'll be put a container prefixed by 'private-'
I don't know how to handle access control for the private containers. Currently nobody except our own tenant can access the containers. Comments would be welcome on that subject. One thing Swift supports is access control based on Openstack tenant, so consumers could run their own code to download the results themselves (Q: how would we map container to tenant?). Presumably if they're handling job triggering then they can handle collecting results too.
Alternatively autopkgtest-web could be extended to do this somehow, via some kind of proxying of the objects in swift, together with appropriate authentication which I really don't know the details of either.
If you have access to the infrastructure, then: to see a couple of test runs, check out "journalctl ADT_PACKAGE=gzip" from today (2019-04-05), and the 'private-
This is superseded by https:/ /code.launchpad .net/~ubuntu- release/ autopkgtest- cloud/+ git/autopkgtest -cloud/ +merge/ 399668