Switch to use bugzilla api key

Username/password is no longer possible as we switched to the two auth factor.
As this nag tool needs access to security issues, we needed to switch to the api_key.

Note: I didn't forward any patch + I am pretty sure that some code related
to login / pass management could be delete

README.rst

@@ -45,13 +45,12 @@ Usage
 Example::
 
     from bugzilla.agents import BMOAgent
-    from bugzilla.utils import get_credentials
 
     # We can use "None" for both instead to not authenticate
-    username, password = get_credentials()
+    api_key = 'xxx'
 
     # Load our agent for BMO
-    bmo = BMOAgent(username, password)
+    bmo = BMOAgent(api_key)
 
     # Set whatever REST API options we want
     options = {
@@ -78,13 +77,15 @@ Query Creator, Automated Nagging Script
 Before running::
 
 1. You'll need to create a writeable 'queries' directory at the top level of the checkout where the script is run from.
-2. you will need a local config for phonebook auth with your LDAP info
+2. Need a local config for phonebook auth with your LDAP info
+3. Need to generate an API key from bugzilla admin ( https://bugzilla.mozilla.org/userprefs.cgi?tab=apikey )
 
 <pre>
 # in scripts/configs/config.json
 {
   "ldap_username": "you@mozilla.com",
-  "ldap_password": "xxxxxxxxxxxxxx"
+  "ldap_password": "xxxxxxxxxxxxxx",
+  "bugzilla_api_key": "xxxxxxxxxxxxxx"
 }
  </pre>
 
@@ -97,7 +98,8 @@ The script does the following:
     # in scripts/configs/config.json
     {
         "ldap_username": "you@mozilla.com",
-        "ldap_password": "xxxxxxxxxxxxxx"
+        "ldap_password": "xxxxxxxxxxxxxx",
+        "bugzilla_api_key": "xxxxxxxxxxxxxx"
     }
 * Creates queries based on the day of the week the script is run
 * Polls the bugzilla API with each query supplied and builds a dictionary of bugs found per query
@@ -110,8 +112,7 @@ The script does the following:
 Running on a server
 -------------------
 
-This needs to run on a private server because it will have both logins for Bugzilla and LDAP so it can't currently be shared access.
-I run this on WebFaction with a wrapper script, virtualenv, and a cronjob:
+This needs to run on a private server because it will have login for LDAP and bugzilla key so it can't currently be shared access.
 
 Cronjob::
   00 14 * * 1-5 $HOME/bin/run_autonags.sh > $HOME/logs/user/autonag.log
@@ -122,20 +123,3 @@ Shell script::
   source $HOME/.virtualenvs/bztools/bin/activate
   cd $HOME/bztools
   /usr/local/bin/python $HOME/bztools/scripts/query_creator.py
-
-
-
-Updating your Bugzilla account
-------------------------------
-
-When you change your Bugzilla password you need to change it in the virtualenv keyring as follows::
-
-  python
-  import keyring
-  keyring.set_password("bugzilla", "username", "password") # using your username and password
-  # Please make sure that any special char in the password must be URL encoded (example: ! = %21)
-  keyring.get_password("bugzilla", "username")  # should confirm the new password
-  exit()
-  deactivate
-
-Then test a dry-run of the cronjob again (with or without the redirect to logs) to make sure the script runs through.

bugzilla/agents.py

@@ -12,7 +12,7 @@ class InvalidAPI_ROOT(Exception):
 
 
 class BugzillaAgent(object):
-    def __init__(self, api_root=None, username=None, password=None):
+    def __init__(self, api_root=None, api_key=None)
 
         if not api_root:
             api_root = os.environ.get('BZ_API_ROOT')
@@ -20,7 +20,7 @@ class BugzillaAgent(object):
                 raise InvalidAPI_ROOT
         self.API_ROOT = api_root
 
-        self.username, self.password = username, password
+        self.api_key = api_key
 
     def get_bug(self, bug, include_fields='_default,token,cc,keywords,whiteboard,comments', exclude_fields=None, params={}):
         params['include_fields'] = [include_fields]
@@ -29,18 +29,16 @@ class BugzillaAgent(object):
         return Bug.get(url)
 
     def get_bug_list(self, params={}):
-        params = urllib.urlencode(params) + '&username=%s' % self.username \
-                                          + '&password=%s' % self.password
+        params = urllib.urlencode(params) + '&Bugzilla_api_key=%s' % self.api_key
         url = self.API_ROOT + 'bug/?' + params
         return BugSearch.get(url).bugs
 
     def qs(self, **params):
-        if self.username and self.password:
-            params['username'] = [self.username]
-            params['password'] = [self.password]
+        if self.api_key:
+            params['api_key'] = [self.api_key]
         return params
 
 
 class BMOAgent(BugzillaAgent):
-    def __init__(self, username=None, password=None):
-        super(BMOAgent, self).__init__('https://bugzilla.mozilla.org/bzapi/', username, password)
+    def __init__(self, api_key=None):
+        super(BMOAgent, self).__init__('https://bugzilla.mozilla.org/bzapi/', api_key)

requirements.txt

@@ -5,7 +5,6 @@ certifi==0.0.8
 chardet==1.0.1
 check
 httplib2==0.9
-keyring==5.0
 path.py==2.2.2
 pep8==0.6.1
 pyflakes==0.5.0

scripts/email_nag.py

@@ -187,6 +187,8 @@ if __name__ == '__main__':
                         help="specify a specific address for sending email"),
     parser.add_argument("-p", "--email-password", dest="email_password",
                         help="specify a specific password for sending email")
+    parser.add_argument("-b", "--bz-api-key", dest="bz_api_key",
+                        help="Bugzilla API key")
     parser.add_argument("-t", "--template", dest="template",
                         required=True,
                         help="template to use for the buglist output")
@@ -216,11 +218,6 @@ if __name__ == '__main__':
 
     options, args = parser.parse_known_args()
 
-    if not options.username:
-        # We can use "None" for both instead to not authenticate
-        username, password = get_credentials()
-    else:
-        username, password = get_credentials(username)
     try:
         int(options.days_since_comment)
     except:
@@ -231,7 +228,7 @@ if __name__ == '__main__':
         options.email_cc_list = DEFAULT_CC
 
     # Load our agent for BMO
-    bmo = BMOAgent(username, password)
+    bmo = BMOAgent(options.bz_api_key)
 
     # Get the buglist(s)
     collected_queries = {}

scripts/query_creator.py

@@ -131,6 +131,7 @@ if __name__ == '__main__':
             "--no-verification",
             "-m", config['ldap_username'],
             "-p", config['ldap_password'],
+            "-b", config['bz_api_key'],
             "-e", "release-mgmt@mozilla.com"]
         for query in queries:
             command.append('-q')