1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
Return-Path: <ick-discuss-bounces@ick.liw.fi>
X-Original-To: distix@pieni.net
Delivered-To: distix@pieni.net
Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221])
by pieni.net (Postfix) with ESMTPS id D13E94358F
for <distix@pieni.net>; Thu, 6 Sep 2018 18:16:51 +0000 (UTC)
Received: from platypus.pepperfish.net (unknown [10.112.101.20])
by yaffle.pepperfish.net (Postfix) with ESMTP id 9CE11414C5
for <distix@pieni.net>; Thu, 6 Sep 2018 19:16:51 +0100 (BST)
Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net)
by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian))
id 1fxypn-0003vf-HE; Thu, 06 Sep 2018 19:16:51 +0100
Received: from koom.pieni.net ([88.99.190.206] helo=pieni.net)
by platypus.pepperfish.net with esmtpsa (Exim 4.80 #2 (Debian))
id 1fxypm-0003vR-1U
for <ick-discuss@ick.liw.fi>; Thu, 06 Sep 2018 19:16:50 +0100
Received: from exolobe3 (62-78-212-250.bb.dnainternet.fi [62.78.212.250])
by pieni.net (Postfix) with ESMTPSA id 80A6340898
for <ick-discuss@ick.liw.fi>; Thu, 6 Sep 2018 18:16:49 +0000 (UTC)
Message-ID: <8d25249f9fc45e951deacd3b26084324cb70d08b.camel@liw.fi>
From: Lars Wirzenius <liw@liw.fi>
To: ick discussions <ick-discuss@ick.liw.fi>
Date: Thu, 06 Sep 2018 21:16:47 +0300
User-Agent: Evolution 3.30.0-1
Mime-Version: 1.0
X-Pepperfish-Transaction: 9d8e-6cfb-6392-7cdc
X-Pepperfish-Transaction-By: platypus
Subject: Ick planning: what next?
X-BeenThere: ick-discuss@ick.liw.fi
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: discussions about the ick CI system <ick-discuss-ick.liw.fi>
List-Unsubscribe: <https://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/ick-discuss-ick.liw.fi>,
<mailto:ick-discuss-request@ick.liw.fi?subject=unsubscribe>
List-Archive: <http://listmaster.pepperfish.net/pipermail/ick-discuss-ick.liw.fi>
List-Post: <mailto:ick-discuss@ick.liw.fi>
List-Help: <mailto:ick-discuss-request@ick.liw.fi?subject=help>
List-Subscribe: <https://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/ick-discuss-ick.liw.fi>,
<mailto:ick-discuss-request@ick.liw.fi?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============6309345869005290914=="
Mime-version: 1.0
Sender: ick-discuss-bounces@ick.liw.fi
Errors-To: ick-discuss-bounces@ick.liw.fi
--===============6309345869005290914==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature"; boundary="=-W0owP7QZKqnCdVp5zpkK"
--=-W0owP7QZKqnCdVp5zpkK
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Ick has been a little on the backburner lately, while I sort out some
personal and work stuff. However, it would be good to have a little
discussion about where we should take ick next.
Current status is that the controller works and builds happen. There is
_very_ rudimentary web application.
It is clear to me, after talking to various people, that a web interface
for ick should be a high priority. I'm not good with front-end web stuff,
so that's something I'd really like help with.
A pre-requisite for an ick web application is to make end-user
authentication more sensible. At the moment, the web application allows the
user to log in, and that works. However, the command line application,
icktool, requires a different set of credential.
Technically, the web application uses the OpenID Connect authorization code
flow for login, and ickdtool uses the OAuth2 client credentials grant. I
think this needs to be handled so that the web application is changed to
allow the user to create an "API token", which icktool can use to access
the controller. This allows the user to only have one set of credentials,
which is much more sane.
The API token will be an extension to OIDC, and will allow icktool to
retreive a standard access token, for actually accessing the controller
API. The access token will identify the user.
When all API use identifies the user, we can change ick to assign an owner
to each resource (project, pipeline, build, build log, artifact), and
restrict users to only see, create, modify, and delete their own artifacts.
This, in turn, will take ick much closer to being a "hostable service",
where different users are more or less safe from each other.
What do you all think about this? Is there something you'd really like to
see in ick, before or after the above? Please say, the floor is open for
dreams, fantasies, and wishes.
The ick web application will be using the RESTful HTTP APIs of the various
ick components, but can otherwise be separate from them. It can be
implemented in any language and way, as long as the user is happy to use it
and it uses Qvisqve for end-user authenticattion and the ick APIs for drive
ick. I'd like the web application to be free software, built using tools in
Debian, and have no dependencies outside what is packaged in Debian.
However, I realise that's a difficult request in the modern world of web
development, so I'm willing to discuss the build and runtime dependencies,
though not the freedom.
If web application front-ends are something you like working on, please say
so. I'd really appreciate any help with the front-end.
--=-W0owP7QZKqnCdVp5zpkK
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEETNTnrewG6wEE1EJ3bC+mFux6IDEFAluRbw8ACgkQbC+mFux6
IDHS9xAAn1UV61Sfhi9vF8Qu9EUVvFrxavzHg22C6kFh3X8mgBsL402qSLPX4FFp
5wzWQSvxIOCszKrx0UdOyyAftXhqqjMy7V5q+2VZjpA4kZUVLpD+IdzVKn45M+99
ldjHEz7U+i0iJQxUQfKsJqG60EqjbqUvNSuu99xlPIJbxthCRg8Y2+O6dwSqZuxv
U5/qmFGKKV+gMv+dFUh+neV6btyBZqJ9PtK/t1JjmXBKV5naDZMOrm0sONTCj+Y/
alXKRpUGOiBXsDdOeXZmIodozBA7ubaV6ffsZ5Mrigt31rPgNsfHbs+eyMmtFlKb
NiJUPB/Q+H7sMMbVq+rv734tiaFy1XnoMMGagQUocgiyEfdc2oAwdDFBnAMTH4OG
Pi3atlNr9G6oGuE+wue2rhkpT2jLzuhcZMidqi5GQkORTrYi0bYeys7ASyZwJ54K
tbe3rEqiFFjfikRs68mPD5WJ3C0vMcPv/3kUNtZd0k7zrKioxWuHvzx6PK/YuJQO
WX+MM42L+U6rCNsH/Abt4HXBzX87DH38LNZMv3UbdNO0C4szx2kWaWSvUYZh4y9G
zv5Uly+UeuD0FfaKemjyqSHD2fR9XJveY3IgK3p+wmfTCCZzUyBbW6UO2CRzfUVZ
YJT3GuuVYigxGyzAhNN9eBLcxvuxX0tX8DrOA2Af9zAiKtS26v4=
=ZqMq
-----END PGP SIGNATURE-----
--=-W0owP7QZKqnCdVp5zpkK--
--===============6309345869005290914==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
ick-discuss mailing list
ick-discuss@ick.liw.fi
https://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/ick-discuss-ick.liw.fi
--===============6309345869005290914==--
|
