Re: Action Required: Bugzilla - API Authentication changes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Feb 1, 2022 at 12:37 PM Miro Hrončok <mhroncok@xxxxxxxxxx> wrote:
>
> -------- Forwarded Message --------
> Subject: [Bugzilla-announce-list] Action Required: Bugzilla - API
> Authentication changes
> Date: Tue, 1 Feb 2022 12:28:13 +1000
> From: Jeff Fearn <jfearn@xxxxxxxxxx>
> To: bugzilla-announce-list@xxxxxxxxxx
>
> Tl;dr From Monday 28th February, applications making API calls to Bugzilla may
> no longer authenticate using passwords or supplying API keys in call
> parameters. Instead, API keys must be supplied in the Authorization header.
>
> Support for using the Authorization header has been deployed to all Red Hat
> Bugzilla instances. You can change your code at any time and not have to wait
> for the old methods to be disabled.
>
> We will require all authenticated API usage to use this new method; this will
> break API access to Red Hat Bugzilla for any tools that don't use the
> Authorization header [1].
>
> If you are not certain your tooling authenticates using this header then you
> need to take action to confirm it does and to modify your tooling to use it if
> it doesn't.
>
> This new method does away with logging in and out of the API and uses API_KEYs
> in a standard Authorization header. This header needs to be sent with every
> call to the API.
>
> The old methods will be disabled on a rolling basis across the RHBZ servers.
>
> Target Dates:
>
> https://bugzilla.stage.redhat.com - Mon 07th Feb 00:00 UTC
> https://bugzilla.redhat.com - Mon 28th Feb 00:00 UTC
>
> IMPORTANT
>
> If you attempt to use an old method to authenticate to the API after this
> change has been made, the API_KEY or password supplied will be treated as
> potentially compromised and invalidated immediately. If you supplied your
> password then you will need to follow the forgot password process to reset it.
> If you supplied an API_KEY it will have been banned and you will need to
> generate a new API_KEY in the UI.
>
> This invalidation will happen every time an attempt to use an outdated
> authentication method is detected.
>
> If you are using python-bugzilla you need to upgrade to version 3.2.0 which
> will automatically use the new method of authentication.
>
> If you are using other tools you will need to look into how they work and see
> how to adjust them to use the Authorization header instead of the other parameters.
>
> If you need assistance understanding how to update your applications, please
> reach out to us by the following means.
>
> - If you have an active subscription via https://access.redhat.com/support/
>
> - If you are a Red Hat Partner then please contact your partner representative
>
> - Or email us at bugzilla-owner@xxxxxxxxxx
>
> The Red Hat Bugzilla Team.

Hi Miro,

Thanks for forwarding this announcement.
Apparently the talk about "improving communication between RHBZ and
the Fedora Project" has not born fruit yet. ;)

Do we know if any of our tools and scripts that interact with RHBZ
will get broken by this?
I assume you have an eye on at least some of the releng scripts (FTI,
FTBFS, etc.).
But what about fedora-review? fedora-create-review? The tool that
syncs assignees from dist-git to RHBZ?

Fabio
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux