Closed Bug 1814226 Opened 2 years ago Closed 2 years ago

create a custom API endpoint for uplift automation bug changes

Categories

(bugzilla.mozilla.org :: API, task)

Product:
bugzilla.mozilla.org
Component:
API
Type:
task

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: sheehan, Assigned: dkl)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

[mozilla-bteam/bmo] Bug 1814226 - create a custom API endpoint for uplift automation bug changes (#2014)
46 bytes, text/x-github-pull-request
Details | Review

Lando makes some updates to BMO on landing of uplift patches, such as setting some uplift approval flags, clearing whiteboard, etc. In the future the number of tasks Lando performs on update may expand to include more functionality. This poses a problem for security bugs as we must give the Lando BMO user access to those bugs, which is undesirable from a security perspective.

dkl and glob propose we instead add a special API endpoint to perform uplift automation changes. This endpoint can make changes to security bugs, but can only be called by the Lando automation user and can only perform the specific functions required for uplift changes. This would avoid having to give Lando access to lots of sec bugs.

dkl will be able to set this up with much less effort than myself. :)

Assignee: nobody → dkl

Is there a list of actions that Lando needs to take on a bug report today so that we can get a list of requirements for this bug to be fixed?

Basically the endpoint will check the API key used and make sure the login is the configured login. Otherwise bail out. Then I need to know what changes are needed to make on the bug (s) and whether we should email about these changes.

Flags: needinfo?(sheehan)

(In reply to David Lawrence [:dkl] from comment #2)

Is there a list of actions that Lando needs to take on a bug report today so that we can get a list of requirements for this bug to be fixed?

The bug updating code is in uplift.py in Lando. The functions it currently performs are:

  • Updating the cf_status_firefox{milestone} flags.
  • Updating the whiteboard to remove values.

I believe we would want to send emails about these changes.

Basically the endpoint will check the API key used and make sure the login is the configured login. Otherwise bail out. Then I need to know what changes are needed to make on the bug (s) and whether we should email about these changes.

It would be best if we could somehow re-use the existing API code, ie forward the input to this API endpoint to the standard API endpoint after some validations. If we need to add more bug-updating capabilities to Lando in the future we can do so using the standard API, and just add to a list of allowed changes in this new endpoint.

Flags: needinfo?(sheehan)

(In reply to Connor Sheehan [:sheehan] from comment #3)

The bug updating code is in uplift.py in Lando. The functions it currently performs are:

  • Updating the cf_status_firefox{milestone} flags.
  • Updating the whiteboard to remove values.

It would be best if we could somehow re-use the existing API code, ie forward the input to this API endpoint to the standard API endpoint after some validations. If we need to add more bug-updating capabilities to Lando in the future we can do so using the standard API, and just add to a list of allowed changes in this new endpoint.

I will see what is possible but the older WebService code is not really written in a way that make it easy to reuse or call from other code. It may just be easier to add duplicate code to the custom endpoint that just does the actions we need. But I will try it in different ways to see if we can minimize the maintenance cost.

Questions:

  • Do we also need a new endpoint for Lando to get the current value of the whiteboard so it can do the removal of the checkin-needed text and send the updated value back?
  • Right now if a bug is private, Lando would not be able to get the bug details before making the updates.
  • Status flags are not as important since if we set the flag to the same value it just becomes a no-op.
Flags: needinfo?(sheehan)

(In reply to David Lawrence [:dkl] from comment #6)

Questions:

  • Do we also need a new endpoint for Lando to get the current value of the whiteboard so it can do the removal of the checkin-needed text and send the updated value back?
  • Right now if a bug is private, Lando would not be able to get the bug details before making the updates.

Yes, we do. Right now we're hitting /rest/bug with id in the params to get the current bug information. If we could hit the new endpoint with a GET and have it only return the relevant information that would work well.

  • Status flags are not as important since if we set the flag to the same value it just becomes a no-op.

Good to know, thanks.

Flags: needinfo?(sheehan)

Merged

Group: mozilla-employee-confidential
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Blocks: 1818281
Blocks: 1818541
Depends on: 1818562
See Also: → 1818562
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: