That's great news! In-repo configs will speed up development for teams,
with a security caveat for infrastructure team to keep in mind. The
ansible runner CI node which runs playbooks for defined jobs, should not
content sensitive information, like keys and secrets in files or
exported env vars, unless they are a one time or limited in time. The
same applies to the nodepool nodes allocated for a particular CI test
run. Otherwise, a malformed patch could make ansible to cat/echo all of
the secrets to the publicly available build logs.

> ________________________________________
> From: Monty Taylor [mordred at inaugust.com]
> Sent: 01 March 2017 7:26
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: [openstack-dev] Zuul v3 - What's Coming: What to expect with
the       Zuul v3 Rollout
>
> ...
> * Self-testing In-Repo Job Config
> * Ansible Job Content
> ...

-- 
Best regards,
Bogdan Dobrelya,
Irc #bogdando

-- 
Best regards,
Bogdan Dobrelya,
Irc #bogdando

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to