Branch Access Token
Access tokens can be created that allow access to a defined set of branches.
Contact: mwhudson
On Launchpad: Link to a blueprint, milestone or (best) a bug tag search across launchpad-project
Rationale
Michael is doing this in his spare time because Linaro infrastructure is setting up yet another project that involves copying ssh keys for a robot user account around, and it's just too much.
There is no one compelling value this brings, but it allows a few improvements that add up to a real benefit:
- It will allow deleting the branch puller entirely.
- It is an important step on the way to enabling recipes to be built from private branches.
- It will give projects such as "private builds in offspring" more natural ways to access private branches.
Stakeholders
mwhudson cares enough to do this in his spare time.
User stories
Delete branch puller
As a Launchpad developer
I want to programmatically generate a token that allows write access to a branch
so that I can use these tokens in code imports and thus delete the branch puller
Enable private recipes
As a Launchpad developer
I want to programmatically generate a token that allows read access to a known set of branches
so that I can move on to working on enabling recipe builds that reference private branches
Allow fine-grained access to private branches
As an Offspring admin
I want to programmatically generate a token that allows read access to a private branch
so that I can attach these tokens to projects in offspring and allow them to reference private config branches
Constraints and Requirements
Must
It must allow access to the required branches.
Nice to have
Must not
Compromise security. Negatively affect performance. Create undue complexity in the Launchpad code base.
(I don't think it is very likely to do any of these things)
Out of scope
Success
How will we know when we are done?
How will we measure how well we have done?
Thoughts?
The generated tokens will be used over ssh. Essentially I will create a "username"/secret pair. Providing these as username and password to the Twisted daemon that runs the codehosting ssh service will allow logging in to an environment similar to the one the current username/ssh key login gives, but one that only allows access to the configured branches. Tokens will be immutable once created.
The creation API will be something like createToken(registrant, [writing_branches], [reading_branches]).
I expect the database side to look a bit like this:
class BranchAccessToken:
    id = Int(primary=True)
    secret = Text()
    creator = Reference(Person)
    date_created = Datetime()

class BranchAccessTokenAccess:
    token = Reference(BranchAccessToken)
    branch = Reference(Branch)
    can_write = Bool()
Logging in as the user ".%(id)s" with the password "%(secret)s" from a BranchAccessToken will be accepted by the ssh service. The XML-RPC method translatePath will handle usernames starting with a "." differently.
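An in-memory sketch of the scheme described above, added here as an illustration and not Launchpad's own code: token creation with separate write and read branch lists, login as ".<id>" with the secret, and a deny-by-default branch check. The names create_token, authenticate, can_access, Token, TOKENS and ID_COUNTER are hypothetical, and the dict stands in for the two tables.

```python
import hmac
import re
import secrets
from dataclasses import dataclass
from itertools import count

ID_COUNTER = count(1)
TOKENS = {}  # hypothetical stand-in for the BranchAccessToken tables


@dataclass(frozen=True)  # frozen: tokens are immutable once created
class Token:
    id: int
    secret: str
    creator: str
    access: tuple  # (branch, can_write) pairs, like BranchAccessTokenAccess


def create_token(registrant, writing_branches, reading_branches):
    """Create a token and return the (username, secret) pair to hand out."""
    grants = {branch: False for branch in reading_branches}
    grants.update({branch: True for branch in writing_branches})
    token = Token(next(ID_COUNTER), secrets.token_urlsafe(32), registrant,
                  tuple(sorted(grants.items())))
    TOKENS[token.id] = token
    return ".%d" % token.id, token.secret


def authenticate(username, password):
    """Return the Token for a valid '.<id>'/secret login, otherwise None."""
    match = re.fullmatch(r"\.([0-9]+)", username)
    if match is None:
        return None  # not a token login; normal user auth would apply
    token = TOKENS.get(int(match.group(1)))
    # Constant-time comparison so the secret is not leaked through timing.
    if token and hmac.compare_digest(password.encode(), token.secret.encode()):
        return token
    return None


def can_access(token, branch, writing=False):
    """Deny by default: unlisted branches fail, read grants never allow writes."""
    can_write = dict(token.access).get(branch)
    if can_write is None:
        return False
    return can_write or not writing
```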
I don't propose to create a UI for this. All users are at the very least fairly advanced and can use the LP API (or some of them will use the internal API I guess).