Hi Aurélien!
thanks for the hard work on the new Bodhi release!
I have a question on the non-interactive way of Bodhi authentication. I understand that supporting OpenID is hard, but are there some other options to support this workflow in the future?
A little bit of context:
* We, as a Packit team, work on the automation of various maintenance tasks. One of them is creating the Bodhi updates. (See packit.dev for more details.)
* Our users can use Packit via CLI and use their identity for Bodhi connections. With this, it's not nice, but doable to open a web-browser. (Not sure how this works in the containerised use-cases.)
* But newly, we support this job in our service that uses `packit` FAS user to create the updates. Here, it's not possible to open any browser.
So:
* Is there some way to get/generate some token that can be used instead of doing this browser workflow?
* Do I get it right from what you wrote about `save_override` that we can generate the session token elsewhere and reuse it in the service? Do you have some details on how this works so we can start working on the move?
* For other Fedora systems, we use Kerberos authentication, are there some plans to add it?
* Ideally, I would like to see it solved also for our CLI users, but at least for Packit's service as a special case.
Thank you in advance for any tips or suggestions!
František Lachman
František Lachman
(CCing the Packit's mailing list.)
On Wed, Apr 6, 2022 at 12:38 PM Aurelien Bompard <abompard@xxxxxxxxxxxxxxxxx> wrote:
_______________________________________________Hey everyone!Bodhi 6.0 will be published in a few days, and deployed to production a couple weeks after the Fedora release. It has backwards-incompatible changes, here's what you need to know.
== Authentication ==
Bodhi gained support for OpenID Connect (OIDC) authentication, like most of Fedora's webapps. OpenID still works but is not the default, you can access it by using `/login?method=openid` as the login URL.
Version 6.0 of the Bodhi client uses only OIDC, plain OpenID support has been dropped. Version 5.7.5 of the Bodhi client, however, uses the new OpenID login URL and has been available for about a month now, you'll need at least version 5.7.5 to use the Bodhi client with the updated server.
The client's API has changed, so if you have a piece of code that imports from `bodhi.client`, you'll have to update it to use the new API, and in the meantime use version 5.7.5.
As a user of the `bodhi` CLI, you'll notice that the `--username` and `--password` options have disappeared. Instead the Bodhi client will ask you to open your browser to a URL to authenticate. The authentication tokens will be saved and you'll be able to use the `bodhi` CLI without authenticating afterwards (or non-interactively).
== Code reorganization ==
The Bodhi source code has been reorganized to drop the hacks used in `setup.py` to support sub-projects. Instead, `bodhi-server`, `bodhi-client` and `bodhi-messages` are now actual Python package directories in the repo. The import path has not changed.
Bodhi's Python project metadata and dependencies are now managed with Poetry <https://python-poetry.org/>.
== Other changes ==
- Serialized `Release` objects sent in the messages don't contain the `composes` property anymore
- The `koji-build-group.build.complete` messages now contain an `update` property
- In the Bodhi client API, the `save_override()` method has been extended to allow setting the expiration date directly
- Misc bug fixesIf you have any questions, feel free to ask the Bodhi team in our matrix room: <https://matrix.to/#/#bodhi:matrix.org>.If you are importing the bodhi client code in your app/script, or using the bodhi client in an "unusual" manner, we'll help you migrate.
Thanks!
Aurélien Bompard
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
