CDash Authenticated Submissions

Up until now, CDash has always accepted submissions without requiring authentication.   To support open-source collaborative development, we wanted to make it quick and easy for developers and users to share build results with each other.   This leads to the quick identification and resolution of problems related to building and testing software.

However, we recognize that situations may arise where you need to restrict who is allowed to submit to your CDash project.  For this reason, we are proud to announce support for authenticated submissions to CDash.  This feature is currently available in CDash and CMake master, and it will be included in our upcoming releases of CDash (2.6) and CMake (3.9).

Instructions for use

A CDash project admin will need to configure the project to only accept submissions from authorized users.  You can access the “Edit Project” page by clicking on “Project” in the “Settings” drop-down menu.

Navigate to the "Edit Project" page

 

Check the Authenticate Submissions box and click the Update Project button.

 

Now you need to generate a new authentication token to be able to submit to your project.  Click on the “My CDash” link in the upper-left corner of the page.  Your user page now displays a new section: Authentication Tokens.  Enter a description for this new token, such as what site it will be used from, or what project it will be used for, and click Generate Token.  Be sure to copy the newly generated token before leaving this page.

 

Next, tell CTest to present this token when submitting files to CDash.  This is accomplished by using the new HTTPHEADER argument to ctest_submit.  Here’s an example of how to do this:

set(_auth_token “9c7310ae191c88aebad212f79c2d0b5b”)

ctest_submit(HTTPHEADER “Authorization: Bearer ${_auth_token})

 

If you don’t specify a valid token, CDash will reject the submission:

Error when uploading file: Build.xml

Error message was: The requested URL returned error: 401 Unauthorized

Notes

By default, tokens expire six months after creation.  This time frame is defined by $CDASH_TOKEN_DURATION in config.php.  If you set this variable to 0 then tokens will not expire.

Authentication tokens are associated with the user that created them, not with any particular project.  If you wish to stop a particular submission you should revoke that user’s access to your project.  Any tokens they’ve generated will still exist, but these tokens will no longer grant access to your project.

Because authentication tokens are presented each time CTest submits to CDash, this feature should only be used when submitting to a CDash instance that uses HTTPS.

Questions or comments are always welcome!