Whitelist of ip's for incoming http posts

[jbergstroem]

We should be able to limit from where we accept incoming http posts so we don't have to rely on obscurity for endpoint url.

[williamkapke]

I would love to say this is a MUST have- however, with a grain of salt.

Someone can just setup an org and point their webhooks at the bot and get around it. This means it will be extremely important for scripts to verify the source org in the payload... well, really, this should probably be done at the core of the bot rather than in each script. It's easy to add.

I'm not sure if Github guarantees the ip address(s?) will not change.

Webhooks allow you to set a "secret"- we should utilize this too.

[jbergstroem]

For github its more appropriate to use a secret as part of the uri; but since we can control Jenkins<>gh bot we should use a whitelist for that.

[phillipj]

@jbergstroem how do we get a hold of the IPs to whitelist? Copy-n-paste from build/setup? Or maybe request the master Jenkins instance to validate there's a slave with a given IP?

[jbergstroem]

@phillipj it will be a small list, almost never changing. Just adding an environment variable where we can throw ip's separated by space/comma would be fine.

[Starefossen]

Whitelist will be applied to unauthenticated requests without a token (aka Jenkins), right?

[jbergstroem]

@Starefossen said:
Whitelist will be applied to unauthenticated requests without a token (aka Jenkins), right?

Yes, but we could use both as well. No point in allowing anyone but Jenkins hosts to talk to that api anyway.

[phillipj]

@jbergstroem now that this is merged.. Any tips on getting a hold of the IPs of all the Jenkins workers?