Added WebDAV interface for displaying the working copies from build agent

[Marica Tan <ma...@gmail.com>]

Hi,

I added a WebDAV interface to the continuum build agent for displaying the
working copies.

There's no security yet for the meantime, same with the XMLRPC of build
agent.

--
Marica

Re: Added WebDAV interface for displaying the working copies from build agent

[Brett Porter <br...@apache.org>]

On 28/07/2010, at 10:01 PM, Wendy Smoak wrote:

> I also wondered... why webdav, when everything else is xml-rpc?
> 

I think I suggested WebDAV at some point... 

IIRC, there was already XMLRPC support, but it wasn't as straightforward to use for transferring files as plain old HTTP, and particularly was problematic for binary files.

HTTP would probably be a enough, but using WebDAV (read only) is a useful idea to get both that and the ability to connect to it with any webdav client and review the checkout.

- Brett


--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/

Re: Added WebDAV interface for displaying the working copies from build agent

[Wendy Smoak <ws...@gmail.com>]

I also wondered... why webdav, when everything else is xml-rpc?

-- 
Wendy

Re: Added WebDAV interface for displaying the working copies from build agent

[Wendy Smoak <ws...@gmail.com>]

I think introducing a database on the agent adds too much complexity
and should be avoided.

There is already an issue for stopping the build agent from accepting requests
from "just anyone".  I think it should only listen and talk to its
master server,
which can figure out who can see what.

Can you think of any other options?

-- 
Wendy

On Tue, Jul 27, 2010 at 9:47 PM, Marica Tan <ma...@gmail.com> wrote:
> Yes I agree.
>
> Since we don't have a database in an agent, we can't do role-based
> authorization.
>
> I think we need to have that database so we can provide that security for
> the webdav interface as well as with the xmlrpc.
>
> WDYT?

Re: Added WebDAV interface for displaying the working copies from build agent

[Wendy Smoak <ws...@gmail.com>]

On Wed, Jul 28, 2010 at 12:39 AM, Brett Porter <br...@apache.org> wrote:
> We might be better having some sort of private/public key system to ensure the agent only gets used by the intended master, rather than actual user permissions.

This is the issue I was thinking of
http://jira.codehaus.org/browse/CONTINUUM-2044 .  It assumes the
pre-webdav situation though, where the agent only sends responses to
the configured master url.

-- 
Wendy

Re: Added WebDAV interface for displaying the working copies from build agent

[Emmanuel Venisse <em...@gmail.com>]

On Wed, Jul 28, 2010 at 6:39 AM, Brett Porter <br...@apache.org> wrote:

>
> On 28/07/2010, at 9:47 AM, Marica Tan wrote:
>
> > Yes I agree.
> >
> > Since we don't have a database in an agent, we can't do role-based
> > authorization.
> >
> > I think we need to have that database so we can provide that security for
> > the webdav interface as well as with the xmlrpc.
>
> I don't think a database is the right answer to that - it probably doesn't
> need role-based permissions.
>
> We might be better having some sort of private/public key system to ensure
> the agent only gets used by the intended master, rather than actual user
> permissions.
>

I'm totally agree.

Emmanuel


>
> - Brett
>
> --
> Brett Porter
> brett@apache.org
> http://brettporter.wordpress.com/
>
>

Re: Added WebDAV interface for displaying the working copies from build agent

[Brett Porter <br...@apache.org>]

On 28/07/2010, at 9:47 AM, Marica Tan wrote:

> Yes I agree.
> 
> Since we don't have a database in an agent, we can't do role-based
> authorization.
> 
> I think we need to have that database so we can provide that security for
> the webdav interface as well as with the xmlrpc.

I don't think a database is the right answer to that - it probably doesn't need role-based permissions.

We might be better having some sort of private/public key system to ensure the agent only gets used by the intended master, rather than actual user permissions.

- Brett

--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/

Re: Added WebDAV interface for displaying the working copies from build agent

[Marica Tan <ma...@gmail.com>]

Yes I agree.

Since we don't have a database in an agent, we can't do role-based
authorization.

I think we need to have that database so we can provide that security for
the webdav interface as well as with the xmlrpc.

WDYT?

On Wed, Jul 28, 2010 at 8:31 AM, Wendy Smoak <ws...@gmail.com> wrote:

> On Mon, Jul 19, 2010 at 3:16 AM, Marica Tan <ma...@gmail.com> wrote:
>
> > I added a WebDAV interface to the continuum build agent for displaying
> the
> > working copies.
> >
> > There's no security yet for the meantime, same with the XMLRPC of build
> > agent.
>
> As I understand it, the build agent will only reply to the master url
> in its configuration.  (That is, it will accept requests from anyone,
> which is a problem, but it will only send the reply to that one url.)
>
> Correct me if I'm wrong, but a webdav interface is different -- if
> it's unsecured, anyone who connects can get the information, in this
> case, the source code and build output sitting in the working copy.
>
> Thanks,
> Wendy
>

Re: Added WebDAV interface for displaying the working copies from build agent

[Wendy Smoak <ws...@gmail.com>]

On Mon, Jul 19, 2010 at 3:16 AM, Marica Tan <ma...@gmail.com> wrote:

> I added a WebDAV interface to the continuum build agent for displaying the
> working copies.
>
> There's no security yet for the meantime, same with the XMLRPC of build
> agent.

As I understand it, the build agent will only reply to the master url
in its configuration.  (That is, it will accept requests from anyone,
which is a problem, but it will only send the reply to that one url.)

Correct me if I'm wrong, but a webdav interface is different -- if
it's unsecured, anyone who connects can get the information, in this
case, the source code and build output sitting in the working copy.

Thanks,
Wendy