PR#232: bugzilla: introduce BUGZILLA_API_KEY - fedora-qa/blockerbugs

fedora-qa / blockerbugs

#232 bugzilla: introduce BUGZILLA_API_KEY

Closed 2 years ago by kparal. Opened 2 years ago by kparal.

feature/bugzilla-apikey into develop

bugzilla: introduce BUGZILLA_API_KEY

Kamil Páral • 2 years ago

459579c

blockerbugs/__init__.py

file modified

+5 -3

		`@@ -59,12 +59,14 @@`
		`if os.getenv('DEBUG') == 'true':`
		`app.config["DEBUG"] = True`

		`- # Make sure config URLs end with a slash, so that we have them all in an`
		`- # expected format`
		`- for key in ['BUGZILLA_URL', 'BODHI_URL', 'FAS_BASE_URL', 'PAGURE_URL', 'PAGURE_API']:`
		`+ # Make sure config URLs end with a slash, so we have them always in the same format`
		`+ for key in ['BODHI_URL', 'FAS_BASE_URL', 'PAGURE_URL', 'PAGURE_API']:`
		`if not app.config[key].endswith('/'):`
		`app.config[key] = app.config[key] + '/'`

		`+ # Unfortunately BUGZILLA_URL mustn't end with a slash, otherwise bugzilla.Bugzilla() init fails`
		`+ app.config['BUGZILLA_URL'] = app.config['BUGZILLA_URL'].rstrip('/')`
		`+`

		`def setup_logging():`
		`formatter = logging.Formatter(`

blockerbugs/cli.py

file modified

+4 -9

		`@@ -147,14 +147,12 @@`
		`config_file.write("SQLALCHEMY_DATABASE_URI = '%s'\n" % dburi or '')`
		`# leave places for the other config values generally needed`
		`config_file.write("FAS_ADMIN_GROUP = ''\n")`
		`- config_file.write("FAS_USER = ''\n")`
		`- config_file.write("FAS_PASSWORD = ''\n")`
		`config_file.write("PAGURE_REPO_TOKEN = ''\n")`
		`config_file.close()`


		`- def check_blockers(bzurl):`
		`- bzinterface = BlockerBugs(url=bzurl)`
		`+ def check_blockers():`
		`+ bzinterface = BlockerBugs()`
		`active_milestones = Milestone.query.filter_by(active=True).all()`
		`for milestone in active_milestones:`
		`missing_bugs = []`
		`@@ -185,21 +183,18 @@`
		`# Related: https://pagure.io/fedora-qa/blockerbugs/issue/184`
		`fullsync = True`

		`- # grab the URL from app config so that it's syncing from the right place`
		`- bzurl = app.config['BUGZILLA_XMLRPC']`
		`-`
		`current_milestone = Milestone.query.filter_by(active=True).first()`
		`if not current_milestone:`
		`sys.stderr.write('BugSync ERROR: No active releases found!')`
		`sys.exit(1)`

		`- sync = BugSync(db, url=bzurl)`
		`+ sync = BugSync(db)`

		`sync.update_active(full_sync=fullsync)`

		`if docheck:`
		`print("Checking bug sync status")`
		`- check_blockers(bzurl)`
		`+ check_blockers()`


		`def sync_updates(args):`

blockerbugs/config.py

file modified

+8 -8

		`@@ -32,15 +32,16 @@`
		`SECRET_KEY = None # REPLACE THIS WITH A RANDOM STRING`
		`SQLALCHEMY_DATABASE_URI = 'sqlite://' # just 'sqlite://' without a path means an in-memory db`
		`SQLALCHEMY_TRACK_MODIFICATIONS = False`
		`- BUGZILLA_URL = 'https://bugzilla.stage.redhat.com/'`
		`- BUGZILLA_XMLRPC = BUGZILLA_URL + 'xmlrpc.cgi'`
		`+ BUGZILLA_URL = 'https://bugzilla.stage.redhat.com'`
		`+ BUGZILLA_API_KEY = ''`
		`BODHI_URL = 'https://bodhi.stg.fedoraproject.org/'`
		`FAS_ENABLED = False`
		`"""When FAS is not enabled, a fake stub is used instead, which allows the user to log in (under`
		`the credentials+groups defined here in this config) without authentication."""`
		`FAS_ADMIN_GROUP = 'qa-admin'`
		`- FAS_USER = ''`
		`- FAS_PASSWORD = ''`
		`+ FAS_USER = 'developer'`
		`+ """This is mostly useful for developers, when they want to simulate a login for a certain`
		`+ user."""`
		`FAS_HTTPS_REQUIRED = False`
		`FAS_CHECK_CERT = False`
		`FAS_BASE_URL = 'https://admin.stg.fedoraproject.org/accounts/'`
		`@@ -82,8 +83,7 @@`
		"""A `Config` subclass intended for a production deployment"""
		`PRODUCTION = True`
		`DEBUG = False`
		`- BUGZILLA_URL = 'https://bugzilla.redhat.com/'`
		`- BUGZILLA_XMLRPC = BUGZILLA_URL + 'xmlrpc.cgi'`
		`+ BUGZILLA_URL = 'https://bugzilla.redhat.com'`
		`BODHI_URL = 'https://bodhi.fedoraproject.org/'`
		`FAS_ENABLED = True`
		`FAS_HTTPS_REQUIRED = True`
		`@@ -124,9 +124,9 @@`
		`sys.exit(1)`

		`# And then try to get more data from OpenShift env`
		`- additional_env_keys = ["FAS_PASSWORD", "FAS_USER", "FAS_ADMIN_GROUP", "PAGURE_REPO_TOKEN", "PAGURE_REPO_WEBHOOK_KEY",`
		`+ additional_env_keys = ["FAS_ADMIN_GROUP", "PAGURE_REPO_TOKEN", "PAGURE_REPO_WEBHOOK_KEY",`
		`"PAGURE_REPO", "PAGURE_BOT_USERNAME", "PAGURE_BOT_ENABLED", "PAGURE_URL", "PAGURE_API",`
		`- "BUGZILLA_URL", "BUGZILLA_XMLRPC", "BODHI_URL", "BLOCKERBUGS_URL", "BLOCKERBUGS_API",`
		`+ "BUGZILLA_URL", "BUGZILLA_API_KEY", "BODHI_URL", "BLOCKERBUGS_URL", "BLOCKERBUGS_API",`
		`"SECRET_KEY", "FAS_BASE_URL"]`
		`missing_data = False`

blockerbugs/controllers/main.py

file modified

+18 -24

		`@@ -28,8 +28,7 @@`
		`import itertools`

		`from blockerbugs import app, db, __version__`
		`- from blockerbugs.util.bz_interface import BlockerProposal, BZInterfaceError`
		`- from blockerbugs.util import pagure_bot`
		`+ from blockerbugs.util import bz_interface, pagure_bot`
		`from blockerbugs.models.bug import Bug`
		`from blockerbugs.models.milestone import Milestone`
		`from blockerbugs.models.update import Update`
		`@@ -403,23 +402,17 @@`

		`def get_bugzilla():`
		`# create bz interface object using the app's config settings`
		`- if not app.testing:`
		`- if app.config.get('FAS_USER'):`
		`-`
		`- app.logger.debug('logging into bugzilla (%s) as %s' % (app.config['BUGZILLA_XMLRPC'], app.config['FAS_USER']))`
		`-`
		`- return bugzilla.RHBugzilla4(url=app.config['BUGZILLA_XMLRPC'],`
		`- user=app.config['FAS_USER'],`
		`- password=app.config['FAS_PASSWORD'],`
		`- cookiefile=None,`
		`- tokenfile=None)`
		`- else:`
		`- app.logger.warning('No FAS_USER configured. bugzilla modifications will NOT work!')`
		`- return bugzilla.RHBugzilla4(url=app.config['BUGZILLA_XMLRPC'], cookiefile=None, tokenfile=None)`
		`- else:`
		`+ if app.testing:`
		`app.logger.error('Bugzilla connections with test configuration is not supported!')`
		`return None`

		`+ if app.config.get('BUGZILLA_API_KEY'):`
		`+ app.logger.debug('logging into bugzilla (%s) with an api key', app.config['BUGZILLA_URL'])`
		`+ else:`
		`+ app.logger.warning('No BUGZILLA_API_KEY configured. bugzilla modifications will NOT work!')`
		`+`
		`+ return bz_interface.create_bugzilla()`
		`+`

		`@main.route('/fas_bugzilla', methods=['GET', 'POST'])`
		`@fas_login_required`
		`@@ -429,10 +422,11 @@`
		`if fas_bz_form.validate_on_submit():`
		`try:`
		`# try logging into bz if user/pass are valid`
		`- bz = bugzilla.RHBugzilla4(url=app.config['BUGZILLA_XMLRPC'],`
		`- user=fas_bz_form.bz_user.data,`
		`- password=fas_bz_form.bz_pass.data,`
		`- cookiefile=None, tokenfile=None)`
		`+ bz = bugzilla.RHBugzilla4(url=app.config['BUGZILLA_URL'],`
		`+ user=fas_bz_form.bz_user.data,`
		`+ password=fas_bz_form.bz_pass.data,`
		`+ use_creds=False,`
		`+ force_xmlrpc=True)`
		`bz.disconnect()`

		`#create new user_info if user with given FAS-login does not exist`
		`@@ -488,13 +482,13 @@`
		`# The form does basic datatype validation but we need to check for valid`
		`# data`
		`bz = get_bugzilla()`
		`- proposer = BlockerProposal(bz, bugid, trackers, bugform.blocker.data,`
		`- bugform.freeze_exception.data, user_info.bz_user)`
		`+ proposer = bz_interface.BlockerProposal(bz, bugid, trackers, bugform.blocker.data,`
		`+ bugform.freeze_exception.data, user_info.bz_user)`

		`# check bug to make sure it exists and that it isn't closed`
		`try:`
		`proposer.check_proposed_bug()`
		`- except BZInterfaceError as e:`
		`+ except bz_interface.BZInterfaceError as e:`
		`bugform.bugid.errors = [e.msg]`

		`# check to make sure that any proposals aren't being re-done`
		`@@ -516,7 +510,7 @@`
		`return render_template('thanks.html', bugid=bugid,`
		`isblocker=bugform.blocker.data,`
		`isfe=bugform.freeze_exception.data)`
		`- except BZInterfaceError as e:`
		`+ except bz_interface.BZInterfaceError as e:`
		`bugform.bugid.errors = [e.msg]`
		`app.logger.info('bug proposal form errors: %s' % e.msg)`
		`else:`

blockerbugs/templates/bug_tooltip.html

file modified

+1 -1

		`@@ -29,7 +29,7 @@`
		`External links:`
		`<td><a href='https://koji.fedoraproject.org/koji/search?type=package&match=glob&terms={{ packagename }}' title="Koji Builds" target="_blank" rel="noopener"><img alt="Koji" src="{{ url_for('static', filename='img/koji_icon.png') }}"></a></td>`
		`<td><a href='https://src.fedoraproject.org/rpms/{{ packagename }}' title="Package Source" target="_blank" rel="noopener"><img alt="Package Source" src="{{ url_for('static', filename='img/pkgsrc_icon.png') }}"></a></td>`
		`- <td><a href='{{ bz_url }}buglist.cgi?bug_status=__open__&classification=Fedora&product=Fedora&product=Fedora%20EPEL&component={{ packagename }}' title="Component Bugs" target="_blank" rel="noopener"> <img alt="Component Bugs" src="{{ url_for('static', filename='img/bugzilla_icon.png') }}"></a></td>`
		`+ <td><a href='{{ bz_url }}/buglist.cgi?bug_status=__open__&classification=Fedora&product=Fedora&product=Fedora%20EPEL&component={{ packagename }}' title="Component Bugs" target="_blank" rel="noopener"> <img alt="Component Bugs" src="{{ url_for('static', filename='img/bugzilla_icon.png') }}"></a></td>`
		`</div>`
		`</div>`
		`</div>`

blockerbugs/templates/bug_tooltip_deps.html

file modified

+1 -1

		`@@ -1,4 +1,4 @@`
		`<b>Depends on the following bugs:</b><br>`
		`{% for dep in bug.depends_on %}`
		`- <a href="{{ bz_url }}show_bug.cgi?id={{ dep }}" target="_blank" rel="noopener">{{ dep }}</a><br>`
		`+ <a href="{{ bz_url }}/show_bug.cgi?id={{ dep }}" target="_blank" rel="noopener">{{ dep }}</a><br>`
		`{% endfor %}`

blockerbugs/templates/milestone_info.html

file modified

+2 -2

		`@@ -32,8 +32,8 @@`
		`</thead>`
		`<tbody>`
		`<tr>`
		`- <td><a href="{{ bz_url }}show_bug.cgi?id={{ info['blocker_tracker'] }}"> {{ info['blocker_tracker'] }}</a></td>`
		`- <td><a href="{{ bz_url }}show_bug.cgi?id={{ info['fe_tracker'] }}"> {{ info['fe_tracker'] }}</a></td>`
		`+ <td><a href="{{ bz_url }}/show_bug.cgi?id={{ info['blocker_tracker'] }}"> {{ info['blocker_tracker'] }}</a></td>`
		`+ <td><a href="{{ bz_url }}/show_bug.cgi?id={{ info['fe_tracker'] }}"> {{ info['fe_tracker'] }}</a></td>`
		`</tr>`
		`</tbody>`
		`</table>`

blockerbugs/util/bug_sync.py

file modified

+2 -4

		`@@ -34,13 +34,11 @@`
		`"""Main class for syncing existing and retrieving new blocker (and other) bugs"""`

		`def __init__(self, db: flask_sqlalchemy.SQLAlchemy,`
		`- bzinterface: Optional[bz_interface.BlockerBugs] = None, url: Optional[str] = None`
		`- ) -> None:`
		`- """:param url: Bugzilla API url"""`
		`+ bzinterface: Optional[bz_interface.BlockerBugs] = None) -> None:`
		`self.db: flask_sqlalchemy.SQLAlchemy = db`
		`self.log: logging.Logger = logging.getLogger('bug_sync')`
		`self.bzinterface: bz_interface.BlockerBugs = (bzinterface or`
		`- bz_interface.BlockerBugs(url=url))`
		`+ bz_interface.BlockerBugs())`

		`def extract_information(self, bug: bzBug, tracker_type: str) -> dict[str, Any]:`
		`"""Create a dict with extracted Bug information. See the code to learn the dict keyvals.`

blockerbugs/util/bz_interface.py

file modified

+36 -24

		`@@ -21,6 +21,7 @@`

		`import logging`
		`import datetime`
		`+ import urllib.parse`
		`from typing import Optional, Any`

		`import bugzilla`
		`@@ -39,6 +40,34 @@`
		`'limit': BUGZILLA_QUERY_LIMIT}`


		`+ def create_bugzilla(url: Optional[str] = None,`
		`+ api_key: Optional[str] = None) -> bugzilla.Bugzilla:`
		+ """Create a `bugzilla.Bugzilla` instance. If function arguments are left empty, the values are
		`+ loaded from the config file. If api_key is used (i.e. the query is not anonymous), Bugzilla is`
		`+ checked whether the key was accepted (otherwise an exception is raised).`
		`+ """`
		`+ # FIXME: xmlrpc must be used until https://pagure.io/fedora-qa/blockerbugs/issue/184 is resolved`
		`+ bz = bugzilla.Bugzilla(url=url or app.config['BUGZILLA_URL'],`
		`+ api_key=api_key or app.config['BUGZILLA_API_KEY'],`
		`+ use_creds=False,`
		`+ force_xmlrpc=True)`
		`+ if bz.api_key:`
		`+ # Verify successful authentication. This immediately raises an exception if auth fails.`
		`+ ok = bz.logged_in`
		`+ assert ok is True`
		`+`
		`+ return bz`
		`+`
		`+`
		`+ def get_bugzilla_url(bz: bugzilla.Bugzilla) -> str:`
		`+ """Get main bugzilla url (e.g. 'https://bugzilla.redhat.com') from an existing`
		+ `bugzilla.Bugzilla` instance.
		`+ """`
		`+ parsed_uri = urllib.parse.urlparse(bz.url)`
		`+ url = '{uri.scheme}://{uri.netloc}'.format(uri=parsed_uri)`
		`+ return url`
		`+`
		`+`
		`class BZInterfaceError(Exception):`
		`"""A custom wrapper for XMLRPC errors from Bugzilla"""`

		`@@ -52,31 +81,14 @@`
		`class BlockerBugs():`
		`"""The main class for querying Bugzilla"""`

		`- def __init__(self, user: Optional[str] = None, password: Optional[str] = None,`
		`- url: Optional[str] = 'https://bugzilla.redhat.com/xmlrpc.cgi',`
		`- bz: Optional[bugzilla.Bugzilla] = None,`
		`+ def __init__(self, bz: Optional[bugzilla.Bugzilla] = None,`
		`logger: Optional[logging.Logger] = None) -> None:`
		- """:param user: Username to log in as. Use `None` for anonymous access.
		- :param password: User password. Use `None` for anonymous access.
		`- :param url: Bugzilla API url.`
		- :param bz: `Bugzilla` instance. Created automatically if not provided. If provided,
		- the `user`, `password` and `url` values are ignored.
		+ """:param bz: `bugzilla.Bugzilla` instance. Created automatically if not provided.
		:param logger: A custom `Logger` instance. Otherwise a default Logger is created.
		`"""`
		`self.logger = logger or logging.getLogger('bz_interface')`
		`- self.bz: bugzilla.Bugzilla = bz`
		`- if not bz:`
		`- if not (user and password):`
		`- self.bz = bugzilla.Bugzilla(url=url,`
		`- cookiefile=None,`
		`- tokenfile=None)`
		`- else:`
		`- self.bz = bugzilla.Bugzilla(url=url,`
		`- user=user,`
		`- password=password,`
		`- cookiefile=None,`
		`- tokenfile=None)`
		`- self.logger.info('Using bugzilla URL: %s' % url)`
		`+ self.bz: bugzilla.Bugzilla = bz or create_bugzilla()`
		`+ self.logger.info('Using bugzilla URL: %s', get_bugzilla_url(self.bz))`

		`# https://bugzilla.stage.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED`
		`# &bug_status=POST&bug_status=MODIFIED&classification=Fedora&component=anaconda&f1=component`
		`@@ -88,7 +100,7 @@`

		`:param last_update: If provided, the query is modified to ask only about bugs which have`
		`recent modifications; otherwise asks about all bugs.`
		`- :offset: offset to the query instead of just getting the first N results`
		`+ :param offset: offset to the query instead of just getting the first N results`
		:returns: a dict which can be fed into `bugzilla.Bugzilla.query()`.
		`"""`
		`query = {}`
		`@@ -171,9 +183,9 @@`
		`# https://bugzilla.redhat.com/buglist.cgi?bug_status=__open__&`
		`# f1=flagtypes.name&o1=substring&query_format=advanced&v1=fedora_prioritized_bug%2B`
		`query = self.bz.url_to_query(`
		`- "{}buglist.cgi?bug_status=__open__&f1=flagtypes.name&o1=substring"`
		`+ "{}/buglist.cgi?bug_status=__open__&f1=flagtypes.name&o1=substring"`
		`"&query_format=advanced&v1=fedora_prioritized_bug%2B".format(`
		`- app.config['BUGZILLA_URL']))`
		`+ get_bugzilla_url(self.bz)))`
		`buglist = self.bz.query(query)`
		`return buglist`

blockerbugs/util/login.py

file modified

+1 -1

		`@@ -50,7 +50,7 @@`
		`puts it into the admin group (as defined in the app config).`
		`"""`
		`fake_user = munch.Munch(`
		`- username=app.config['FAS_USER'] or 'developer',`
		`+ username=app.config['FAS_USER'],`
		`groups=[app.config['FAS_ADMIN_GROUP']])`

		`def __init__(self, app):`

conf/settings.py.example

file modified

+2 -4

		`@@ -4,10 +4,8 @@`
		`SQLALCHEMY_DATABASE_URI = 'postgresql+psycopg2://dbuser:dbpassword@dbhost:dbport/dbname'`
		`FAS_ENABLED = False`
		`FAS_ADMIN_GROUP = "magic-fas-group"`
		`- FAS_USER = "magicuser@unicornsarereal.com"`
		`- FAS_PASSWORD = "password"`
		`- BUGZILLA_URL = 'https://bugzilla.stage.redhat.com/'`
		`- BUGZILLA_XMLRPC = 'https://bugzilla.stage.redhat.com/xmlrpc.cgi'`
		`+ BUGZILLA_URL = 'https://bugzilla.stage.redhat.com'`
		`+ BUGZILLA_API_KEY = '' # INSERT YOUR SECRET API KEY FROM BUGZILLA USER SETTINGS`
		`BODHI_URL = 'https://admin.stg.fedoraproject.org/updates/'`
		`FILE_LOGGING = False`
		`LOGFILE = '/var/log/blockerbugs/blockerbugs.log'`

kparal commented 2 years ago

This adds BUGZILLA_API_KEY into config, which is then used for bugzilla
authentication in each call. This replaces FAS_USER + FAS_PASSWORD (formerly
used only for proposing blockers).

This change is mandated by a recent authentication change in Bugzilla:
https://listman.redhat.com/archives/bugzilla-announce-list/2022-February/msg00000.html

This patch fixes the actual bug proposal submission process, but doesn't fix
verifying bugzilla accounts for users, yet.

Also, BUGZILLA_XMLRPC config option got dropped, because it's not needed for
python-bugzilla, we can feed it with BUGZILLA_URL.

This is still somewhat WIP. Reviews welcome, though.