[py3] You shall not pass! - issue when accessing admin area

[jessecooper]

I get the following message when trying to access the admin area when running in a virtualenv:

You shall not pass! - issue when accessing admin area need admin rights to access administration panels

Not sure if I am missing something in my configuration or if something else might be going on.

[tardyp]

It is because you configured an authentication plugin before. You can look at the cfg.yml to fix it manually before you can use the UI again

[meritozh]

@tardyp Please help me. How I modify cfg.yml then I can use GitHub auth to auth bbtravis or manually register email as account?

[meritozh]

Or just use UserPasswordAuth

[tardyp]

can you show your cfg.yml (the auth part?)

[meritozh]

auth
      - type: Custom
      - customcode: "from buildbot.plugins import *\nauth = util.UserPasswordAuth({\"homer\": \"doh!\"})"

Just use username and password to login. But this accout has no admin right. Am I must write more python code in yml to make role as admin?

By the way, how to set it to use GitHub Enterprise auth to login?

[meritozh]

I keep cfg.yml empty, then modify master.cfg:

from buildbot_travis import TravisConfigurator
from buildbot.plugins import util

c = BuildmasterConfig = {}

TravisConfigurator(c, basedir).fromYaml('cfg.yml')

# bbtravis already setups www, we must override some of the config after

# base setting
c['buildbotNetUsageData'] = None
c['buildbotURL'] = "url"

c['www']['authz'] = util.Authz(
            allowRules = [
                util.StopBuildEndpointMatcher(role="admins"),
                util.ForceBuildEndpointMatcher(role="admins"),
                util.RebuildBuildEndpointMatcher(role="admins")
            ],
            roleMatchers = [
                util.RolesFromUsername(roles=['admins'], usernames=['xxx'])
            ]
    )
c['www']['auth'] = util.UserPasswordAuth([('xxx','blabla')])

But after I login, buildbot still show need admin rights to access administration panels

@tardyp How to set a account to get admin right?

[tardyp]

for buildbot_travis, there is a special endpoint matcher that you need to have. then you can use GitHubAuth for oauth github authentication.

from buildbot_travis.configurator import 
c['www']['authz'] = util.Authz(
            allowRules = [
                util. AnyControlEndpointMatcher(role="admins"),
                TravisEndpointMatcher(role="admins")
            ],
            roleMatchers = [
               util.RolesFromGroups(groupPrefix='<yourgithubgroup>/')
            ]
    )
c['www']['auth'] = util.GitHubAuth("clientid", "clientsecret", "https://git.corp.mycompany.com")

more details here on how to get the clientid: http://docs.buildbot.net/latest/manual/cfg-www.html https://developer.github.com/v3/oauth_authorizations/

[meritozh]

But how to set a admin password, or make a account have admin right? I watched your tutorial video, you just install, start, then open web, click Administration field, setting admin password, I followed, but when I click Administration field, it show You shall not pass. I have test many times, cann't solve this issue : (

[tardyp]

Sorry I forgot that detail. The admin rights are managed by your github teams.

You need to create in github an organisation. In that organisation, there are teams. Name one "admins", then you put users in your admins team of your organisation "myorganisation" then when connecting with oauth2, the admin members will have a group in github named "myorganisation/admins"

The following snippet:

               util.RolesFromGroups(groupPrefix='myorganisation/')

will map this team to the role "admins", by removing the prefix 'myorganisation/' from the 'myorganisation/admins' group.

[meritozh]

Thx, final question, how to set a admin account which use UserPasswordAuth? I must test buildbot as GitHub EE CI locally first.

[meritozh]

cfg.yml

{}

master.cfg

from buildbot_travis import TravisConfigurator
from buildbot_travis.configurator import TravisEndpointMatcher
from buildbot.plugins import util

c = BuildmasterConfig = {}
TravisConfigurator(BuildmasterConfig, basedir).fromYaml('cfg.yml')

c['buildbotNetUsageData'] = None
c['buildbotURL'] = "someurl"

c['www']['authz'] = util.Authz(
        allowRules = [
                util.AnyControlEndpointMatcher(role="admins"),
                TravisEndpointMatcher(role="admins")
            ],
        roleMatchers = [
                util.RolesFromUsername(roles=['admins'], usernames=['xxx'])
            ]
        )
c['www']['auth'] = util.UserPasswordAuth([('xxx', 'blabla')])

My current configurations above, after login this account, still show You shall not pass! : (

I really don't know how to config this...

[tardyp]

Hi, the simple admin passwd use case is supported by the UI. with empty cfg.yml, you can just set master.cfg like this.

from buildbot_travis import TravisConfigurator from buildbot_travis.configurator import TravisEndpointMatcher from buildbot.plugins import util

c = BuildmasterConfig = {} TravisConfigurator(BuildmasterConfig, basedir).fromYaml('cfg.yml') c['buildbotURL'] = "someurl"

Then you go to the UI in the admin panel. If that does not work, then you should go to the browser's developer console, and tell if there is an error there.

[tardyp]

note that the configuration you pasted look good. It should work. I'll retest this asap

[tardyp]

I just confirmed that your pasted config (https://github.com/buildbot/buildbot_travis/issues/64#issuecomment-355252766) works for me, as well as the adminPasswd config in the UI.

[tardyp]

[meritozh]

What is http://<hosturl>/buildbot_travis/api/config? console show 404 not found.

open url in browser, show:

I use macOS newest version, test in safari and chrome

[tardyp]

/buildbot_travis/api/config is the endpoint which is used to read and write the cfg (cfg.yml). 404 means it can't be found.

What are the versions of buildbot and buildbot_travis that you use? can you make sure you use latest release? Maybe you should try and rebuild your virtualenv from scratch.

[meritozh]

Clean up all things, follow README step by step, without any modifies, only export no_proxy='*' before start master. Still encounter this issue.

→ tree -L 2                   
.
├── master
│   ├── buildbot.tac
│   ├── cfg.yml
│   ├── http.log
│   ├── master.cfg
│   ├── master.cfg.sample
│   ├── state.sqlite
│   ├── twistd.log
│   └── twistd.pid
└── sandbox
    ├── bin
    ├── include
    ├── lib
    └── pip-selfcheck.json

asn1crypto (0.24.0)
attrs (17.4.0)
autobahn (17.10.1)
Automat (0.6.0)
buildbot (0.9.15)
buildbot-console-view (0.9.15)
buildbot-travis (0.6.2)
buildbot-waterfall-view (0.9.15)
buildbot-worker (0.9.15)
buildbot-www (0.9.15)
certifi (2017.11.5)
cffi (1.11.2)
chardet (3.0.4)
constantly (15.1.0)
cryptography (2.1.4)
decorator (4.1.2)
docker-py (1.10.6)
docker-pycreds (0.2.1)
future (0.16.0)
hyper-sh (1.0.7)
hyperlink (17.3.1)
idna (2.6)
incremental (17.5.0)
Jinja2 (2.10)
klein (17.10.0)
ldap3 (2.4)
MarkupSafe (1.0)
pbr (3.1.1)
pip (9.0.1)
pyasn1 (0.4.2)
pyasn1-modules (0.2.1)
pycparser (2.18)
pyjade (4.0.0)
PyJWT (1.5.3)
pyOpenSSL (17.5.0)
python-dateutil (2.6.1)
PyYAML (3.12)
requests (2.18.4)
service-identity (17.0.0)
setuptools (38.2.5)
six (1.11.0)
SQLAlchemy (1.2.0)
sqlalchemy-migrate (0.11.0)
sqlparse (0.2.4)
Tempita (0.5.2)
Twisted (17.9.0)
txaio (2.8.2)
txgithub (15.0.0)
txrequests (0.9.5)
urllib3 (1.22)
urwid (1.3.1)
websocket-client (0.46.0)
Werkzeug (0.14.1)
wheel (0.30.0)
zope.interface (4.4.3)

[meritozh]

Works good through docker! I install python3 through homebrew, may there is a bug in basedir?

Test, basedir is right, and the dir actually contains cfg.yml file.

[tardyp]

I can reproduce the issue if I use python3 for the virtualenv :-/

working on a fix