action #174301: Enable usual authentication methods for assets served by NGINX size:M - openQA Project (public) - openSUSE Project Management Tool

Actions

action #174301

open

Enable usual authentication methods for assets served by NGINX size:M

Added by mkittler 7 days ago. Updated 3 days ago.

Status:

Workable

Priority:

Normal

Assignee:

-

Category:

Feature requests

Target version:

Start date:

2024-12-12

Due date:

% Done:

0%

Estimated time:

Description

Motivation¶

This ticket is a concrete approach to cover the most crucial aspect of #174154. Checkout that ticket for details.

Acceptance criteria¶

AC1: It is possible to enable authentication for openQA tests assets served by NGINX.
AC2: NGINX accepts the usual authentication methods openQA provides.
AC2.1: basic auth via personal access token
AC2.2: API key/secret
AC2.3: web session

Acceptance tests¶

AT2.1: Invoke a command like curl -u Demo:…:… http://localhost/assets/other/openSUSE-Tumbleweed-DVD-x86_64-Snapshot20230109-Media.iso.sha256 and see whether you get a correct 200 response or a 403 response depending on whether the credentials are correct or wrong.
AT2.2: Invoke a command like MOJO_CLIENT_DEBUG=1 openqa-cli api http://localhost/assets/other/openSUSE-Tumbleweed-DVD-x86_64-Snapshot20230109-Media.iso.sha256 and see whether you get a correct 200 response or a 403 response depending on whether the credentials are correct or wrong.
AT2.3: Open a test details page, select "Logs and assets" and try to download an asset. When logged in, the download prompt should appear; otherwise a login is supposed be triggered.

Suggestions¶

Configure NGINX locally as it is described on https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication
Checkout commit https://github.com/Martchus/openQA/commit/b5950273aa4168b20a4c31f03ecc451465d466c9 for a simple example which already covers AC2.1.

Related issues 1 (1 open — 0 closed)

Actions

Also available in: Atom PDF