Closed Bug 1616718 Opened 5 years ago Closed 5 years ago

redo bugzilla bits

Categories

(Socorro :: General, task, P1)

Product:
Socorro
Component:
General
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: willkg, Assigned: willkg)

References

Details

Attachments

(2 files)

pr 5395: bug 1616718: fix code to use bugzilla api token if available
53 bytes, text/x-github-pull-request
Details | Review
pr 5399: bug 1616718: add logging for when the BZAPI_TOKEN isn't used
53 bytes, text/x-github-pull-request
Details | Review

Emma sent this email today:

## Bot guidelines ##

If you run a script or bot that uses the Bugzilla API, make sure it is in our 
registry.

Check the registry page because it has requirements we expect all bots 
and scripts to follow by mid-2020: including standard naming, using api 
keys, and our REST interface.

- https://bmo.readthedocs.io/en/latest/api/index.html
- https://wiki.mozilla.org/BMO/Bot_Registry

If you use our old APIs you need to know about their retirement.

## Old interfaces going away ##

We plan to shut down the JSONRPC (https://bugzilla.mozilla.org/jsonrpc.cgi), 
XMLRPC (https://bugzilla.mozilla.org/xmlrpc.cgi), and BzAPI 
(https://bugzilla.mozilla.org/bzapi/) interfaces by the end of June, 2020.

If you use one of these, you will need to update your code to use REST. That 
interface is documented, and if you find problems or issues with it please file a bug.

- https://bmo.readthedocs.io/en/latest/api/
- https://bugzilla.mozilla.org/enter_bug.cgi?product=bugzilla.mozilla.org&component=API

This would be a good time to move the definition of the base URL you use to 
access our API to a configuration in your applications using it.

- https://bugzilla.mozilla.org/rest

I know we've got some things that use Bugzilla and I think they're using the bzapi.

This bug covers going through, inventorying what in Socorro uses Bugzilla, and spinning off bugs to update things to the new way.

Making this a P1 because this has a deadline that's not very far away.

Priority: -- → P1

Putting this on my plate to get done soon because there's urgency.

Assignee: nobody → willkg
Status: NEW → ASSIGNED

Things in Socorro that in any way use Bugzilla:

  1. There are "create a bug" links on the crash report views.

    We don't have to do anything with those--they're fine.

  2. The Report view and Signature Report view both have a bugzilla tab which lists related bugs. Those use the buginfo view which uses the BugzillaBugInfo model.

    This is using the right API endpoint--so that's fine.

    We don't want to use an API key because this information is public. However, we do want to identify as Socorro so they can differentiate our requests from other systems'. Maybe we can use the user agent to identfy? Maybe we need to create a bot account in Bugzilla and an API token that can't do anything?

  3. The bugassociations cron task does Bugzilla queries.

    This is using the right API endpoint--so that's fine.

    We need to identify as Socorro here, too.

Next steps:

  1. Figure out how to mark our requests as coming from Socorro and maybe create a bugzilla account.
  2. Fill out the bot registry.

I added an entry to the bot registry.

Socorro adds "socorro-requests" to the user agent. We should consider adding a url to that to make it easier for people to identify Socorro requests.

The Bots wiki page says bots must use a Bugzilla account with a bots.tld domain, but may use an API token. I don't want to create a Bugzilla account if we don't have to since I'm pretty sure it requires 2FA and will be difficult to deal with for future Socorro maintainers. I do want Bugzilla admin to be able to identify Socorro traffic. Maybe the user agent is sufficient? I asked on #bmo on Slack what we should do.

dkl said we should create a Bugzilla account and use an API token.

Brian: Can you set up a Bugzilla account for Socorro to use that has a bots.tld domain name in the email address? Then can you give it an API token?

Socorro only runs queries, so the account doesn't need elevated permissions.

I think we should use the same account for stage and prod.

Flags: needinfo?(bpitts)

"that has a bots.tld domain name in the email address"

I don't understand this. Checking the links above I don't see an explanation of what bots.tld is or how I would create a valid email address using it. Googling "bots.tld" isn't helping me either. I don't understand how I could create a Bugzilla account using an address that I can't receive email to, or why the Bugzilla admins would want me to do this. What am I missing?

Flags: needinfo?(bpitts)

The answer is

file a bug and ask for the bot account <bot>@bots.tld. The BMO admins (most likely dkl) will set the PW and send back the creds. bug would probably be filed under product bugzilla.mozilla.org, Component, General.

I'll do that.

Depends on: 1637287

Willkg, I have a socorro@bots.tld and an API key for it now. Let me know where to stuff this in the socorro infra code.

Flags: needinfo?(willkg)

I have to make the code changes to use the API token. I'm working on that today.

I created an account on the Bugzilla dev server (https://bugzilla-dev.allizom.org/) using my GitHub account and created an API token there to test with.

Docs are here: https://bmo.readthedocs.io/en/latest/api/core/v1/general.html#authentication

Should have something done either tonight or tomorrow morning.

Flags: needinfo?(willkg)

Brian: Can you set BZAPI_TOKEN to the Bugzilla API token for stage and prod?

In my local dev env with my fake token, it looks like this:

BZAPI_TOKEN=6gNTl48ccisCBLupi4LHUKwXxxxxxxxxxxxxxxxx
Flags: needinfo?(bpitts)

This needs done for both the webapp and the crontabber?

Yes. It's used by both services.

I tweaked the logging to also log when there isn't a token set in the environment. That led to discovering the token wasn't set in the crontabber service environment. After fixing that and getting it deployed to stage with Brian's help, I verified that the bugassociation cron job now runs with BZAPI_TOKEN and we're all set on stage. Yay!

We deployed socorro to prod in bug #1639578. I verified it's using a API token in prod. Marking as FIXED.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: