Page MenuHomePhabricator
Differential D1003

Provide a `runs.insecurely` to be used with test variants
ClosedPublic
Actions

Authored by dduvall on Mar 10 2018, 12:11 AM.
Tags
Referenced Files
F41594622: D1003.diff
Mon, Dec 11, 5:05 PM
Unknown Object (File)
Thu, Nov 23, 2:54 PM
Unknown Object (File)
Wed, Nov 15, 4:14 PM
Unknown Object (File)
Sat, Nov 11, 5:16 PM
Unknown Object (File)
Nov 9 2023, 10:14 PM
Unknown Object (File)
Nov 6 2023, 4:21 AM
Unknown Object (File)
Nov 4 2023, 2:23 PM
Unknown Object (File)
Oct 30 2023, 5:05 PM
View All 61 Files
Subscribers
None

Details

Reviewers
thcipriani
mmodell
hashar
demon
Group Reviewers
Release-Engineering-Team
Commits
rGBLBRcffb77e9dbb1: Provide a `runs.insecurely` to be used with test variants
Patch without arc
git checkout -b D1003 && curl -L https://phabricator.wikimedia.org/D1003?download=true | git apply
Summary

Use cases involving running of test suites and doc generation require
more liberal ownership and read/write permission to application files.
When runs.insecurely is set to true, the effective runtime user will
be lives.as, the same user that owns the application files and
installed dependencies.

D999 is a complement to this change to allow restrictions on this and
other potentially sensitive configuration.

Depends on D999, D1002

Test Plan

Run go test ./....

Diff Detail

Repository
rGBLBR Blubber
Branch
insecurely
Lint
Lint Passed
Unit
Tests Passed

Event Timeline

dduvall created this revision.Mar 10 2018, 12:11 AM
Restricted Application added a reviewer: Release-Engineering-Team. · View Herald TranscriptMar 10 2018, 12:11 AM
Restricted Application added a project: Release-Engineering-Team. · View Herald Transcript
dduvall requested review of this revision.Mar 10 2018, 12:11 AM
dduvall added a reviewer: demon.Mar 10 2018, 12:12 AM
dduvall updated this revision to Diff 2631.Mar 12 2018, 6:00 PM
dduvall retitled this revision from Provide a `runs.insecurely` for liberal file ownership to Provide a `runs.insecurely` to be used with test variants.
dduvall edited the summary of this revision. (Show Details)

Changed implementation to use the lives.as as the effective runtime user instead of trying to hack up file ownership using the runs.as user

dduvall updated this revision to Diff 2655.Mar 22 2018, 6:00 PM

Rebased

Harbormaster completed remote builds in Restricted Buildable.Mar 22 2018, 6:00 PM
thcipriani accepted this revision.Mar 22 2018, 9:00 PM

Tests look good. Patch is pretty light weight. Does what it says :)

This revision is now accepted and ready to land.Mar 22 2018, 9:00 PM
Closed by commit rGBLBRcffb77e9dbb1: Provide a `runs.insecurely` to be used with test variants (authored by dduvall). · Explain WhyMar 22 2018, 9:03 PM
This revision was automatically updated to reflect the committed changes.
dduvall mentioned this in T174631: Support for Blubber defaults and/or policies.Apr 2 2018, 3:53 PM

Revision Contents
Changeset List

PathSize
2 lines
config/
2 lines
2 lines
8 lines
54 lines

Diff 2631

View Options

blubber.example.yaml

Loading...
View Options

config/runs.go

Loading...
View Options

config/runs_test.go

Loading...
View Options

config/variant.go

Loading...
View Options

config/variant_test.go

Loading...
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL