/srv/irclogs.ubuntu.com/2016/10/03/#launchpad-dev.txt

=== frankban|afk is now known as frankban
cjwatsonHm, turnip authentication is suboptimally-designed for code imports: it authenticates before it knows the repository, and the only state it retains between authentication and path translation is Person.id.13:13
cjwatsonI might have to change it to pass the username again if the user ID is None, and make up a username that's something like +code-import-job/<job_id> (to fit the blacklist)13:14
wgrantcjwatson: Hm, do we really pass the ID as an int?13:22
wgrantI think it's reasonable for authentication to be contextless; after all, in the SSH case we don't have context until authentication completes.13:23
cjwatsonWe really pass the ID as an int.13:29
wgrant:(13:29
cjwatsonI agree it's fine for it to be contextless in general, but in this case we need to either know what job the push relates to when authenticating, or we need to persist a bit of state until we do.13:30
cjwatsonMore generalised git access tokens would suggest the latter approach.13:30
wgrantIndeed, we need more than just the user ID now.13:30
cjwatsonAnd it's a more standard authn/authz style.13:30
wgrantThe current structure is fine, it's just unfortunate that the opaque data passed between the authn and authz stages is an int.13:31
cjwatson(OK, we already do authz, it's just that at the moment we can do that with just the Person)13:31
cjwatsonYeah, maybe I should just uplift that to a JSON dict.13:31
wgrantAN ASSERTION!13:32
wgrantOr a string.13:32
wgrantEither way.13:32
wgrantI don't think turnip needs to know anything about it, does it?13:32
wgrantOther than maybe for logging.13:32
cjwatsonWell, yeah, a dict encoded as a string :)13:32
wgrantSo simply saying "any string will do" should work.13:32
cjwatsonNo, turnip doesn't need to, though it's also not secret from it.13:32
wgrantCertainly.13:33
cjwatsonWe're already passing around a user/uid pair and only using the uid.13:34
wgrantIndeed. I'm pretty sure I intended the username as temporary but then we never dropped it once you added the UID.13:35
wgrantLet's add a third and never drop the other two!13:35
cjwatsonI was going to just go back to the username :)13:35
cjwatson(I mean, not in general, there was a good reason we switched to UID.)13:35
wgrantEh, it needs changes on both ends anyway, so we might as well call it something unconfusing.13:36
cjwatsonIt would be an annoying flag-day problem were it not for the fact that authenticateWithPassword is as yet unimplemented.13:37
cjwatsonSo we can just declare that it now returns a dict.13:37
wgrantOne but not the other?13:37
wgrantI thought the existing SSH key method already returned a dict.13:37
cjwatsonAnd translatePath can be changed to temporarily accept either form.13:37
wgrantMaybe you changed that but didn't bother with the other.13:38
cjwatsonWe pass a params dict to the backend in both cases.13:38
cjwatsonBut the SSH backend just picks the username/uid out of its "avatar" directly, since lazr.sshservice deals with the authserver interaction.13:39
wgrantOh, SSH auth uses the authserver API13:39
wgrantRight13:39
wgrantHad forgotten that split.13:39
wgrantI suppose we can leave that for now and emulate the dict on the turnip side.13:39
cjwatsonYeah, that's easy.13:39
wgrantAnd sort it out later if we need it, without any serious compat issues.13:40
wgrantthat/it == the SSH side of things, to be clear13:40
* wgrant sleeps.13:40
cjwatsonYep13:40
cjwatsonNight.13:40
=== frankban is now known as frankban|afk
tsimonq2I plan on writing some code that allows certain email addresses to be subscribed to a packageset (like yakktey-changes but filtered)17:51
tsimonq2(or so I hope to)17:51
tsimonq2 1. Is anyone opposed?17:51
tsimonq2 2. Should I hardcode the email addresses in or should an administrator be allowed to edit the email addresses through a simple web interface?17:52
cjwatsontsimonq2: no hardcoding17:57
tsimonq2that's what I thought :P17:58
tsimonq2cjwatson: but y'all aren't opposed to it?17:58
cjwatsontsimonq2: it also shouldn't be email addresses IMO, it should be a mechanism to allow people/teams to subscribe to package upload notifications, much as they can to other kinds of notifications17:58
tsimonq2oh?17:58
cjwatsonI would be opposed to notifying arbitrary addresses, but a subscription mechanism here seems reasonable17:58
tsimonq2I see, ok17:59
cjwatsonlib/lp/soyuz/mail/packageupload.py would be the place that sends out the mail, but you'd need to figure out how to model the subscriptions17:59
cjwatsonpossibly/probably including a way to subscribe to an entire packageset17:59
cjwatsonI'd suggest that it should use/extend the existing structural subscription mechanism18:00
tsimonq2it would certainly help if there was a page that listed all packages in the Ubuntu archive allowing sorting by packageset18:00
tsimonq2ok18:00
cjwatsonwhich doesn't support packagesets, but probably could18:00
cjwatsonwell, you don't want to have to subscribe to all the packages individually in any event, so I don't know that such a page would be really the best approach anyway18:01
tsimonq2well no, it would have checkboxes on the left of each item18:01
cjwatsonfirstly, it would be an annoying amount of clicking; secondly, the packageset might change later and you probably want to track that18:01
tsimonq2then the packageset name would be in bold and if you select that, it selects all the respective packages18:01
cjwatsonif you want to subscribe to a packageset, model that directly, don't record subscriptions to each element of it18:01
tsimonq2oh yeah good point18:02
tsimonq2ok18:02
tsimonq2cjwatson: thanks, I'll get an MP ready within a week or two :)18:03
cjwatsonI think this is likely to be a moderate amount of work involving quite a bit of fiddly hacking, and it will require DB patches, so don't underestimate the work involved.18:04
cjwatsonTo begin with given that it touches the DB it will certainly require at least two MPs, probably more.18:05
tsimonq2yes18:05
tsimonq2of course18:05
tsimonq2that's just *my* estimate18:05
tsimonq2it could be a lot longer18:05
tsimonq2ok I have to go, I'll look into this later, thanks again!18:06
tsimonq2win 1218:06
tsimonq2whoops18:06
cjwatsonI don't want to discourage you, it's just a tough starter project :)18:07
cjwatsonSo as long as you're aware of that.18:07
tsimonq2cjwatson: I am :)20:36

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!