This is an automated email from the ASF dual-hosted git repository.
dongjoon pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new c17fc5a189f9 [SPARK-48963][INFRA] Support `JIRA_ACCESS_TOKEN` in
translate-contributors.py
c17fc5a189f9 is described below
commit c17fc5a189f9cdcc9727e6330312f8c455a2c17e
Author: Kent Yao <[email protected]>
AuthorDate: Mon Jul 22 08:59:12 2024 -0700
[SPARK-48963][INFRA] Support `JIRA_ACCESS_TOKEN` in
translate-contributors.py
### What changes were proposed in this pull request?
Support JIRA_ACCESS_TOKEN in translate-contributors.py
### Why are the changes needed?
Remove plaintext password in JIRA_PASSWORD environment variable to prevent
password leakage
### Does this PR introduce _any_ user-facing change?
no, infra only
### How was this patch tested?
Ran translate-contributors.py with 3.5.2 RC
### Was this patch authored or co-authored using generative AI tooling?
no
Closes #47440 from yaooqinn/SPARK-48963.
Authored-by: Kent Yao <[email protected]>
Signed-off-by: Dongjoon Hyun <[email protected]>
---
dev/create-release/translate-contributors.py | 40 ++++++++++++++++++++++++----
1 file changed, 35 insertions(+), 5 deletions(-)
diff --git a/dev/create-release/translate-contributors.py
b/dev/create-release/translate-contributors.py
index 18a114c00b59..3505e0a7a33c 100755
--- a/dev/create-release/translate-contributors.py
+++ b/dev/create-release/translate-contributors.py
@@ -47,12 +47,44 @@ from releaseutils import (
JIRA_API_BASE = os.environ.get("JIRA_API_BASE",
"https://issues.apache.org/jira";)
JIRA_USERNAME = os.environ.get("JIRA_USERNAME", None)
JIRA_PASSWORD = os.environ.get("JIRA_PASSWORD", None)
+# ASF JIRA access token
+# If it is configured, username and password are dismissed
+# Go to https://issues.apache.org/jira/secure/ViewProfile.jspa -> Personal
Access Tokens for
+# your own token management.
+JIRA_ACCESS_TOKEN = os.environ.get("JIRA_ACCESS_TOKEN")
+
GITHUB_OAUTH_KEY = os.environ.get("GITHUB_OAUTH_KEY",
os.environ.get("GITHUB_API_TOKEN", None))
-if not JIRA_USERNAME or not JIRA_PASSWORD:
- sys.exit("Both JIRA_USERNAME and JIRA_PASSWORD must be set")
+
if not GITHUB_OAUTH_KEY:
sys.exit("GITHUB_OAUTH_KEY must be set")
+# Setup JIRA client
+jira_options = {"server": JIRA_API_BASE}
+if JIRA_ACCESS_TOKEN:
+ client = JIRA(jira_options, token_auth=JIRA_ACCESS_TOKEN)
+ try:
+ # Eagerly check if the token is valid to align with the behavior of
username/password
+ # authn
+ client.current_user()
+ jira_client = client
+ except Exception as e:
+ if e.__class__.__name__ == "JIRAError" and getattr(e, "status_code",
None) == 401:
+ msg = (
+ "ASF JIRA could not authenticate with the invalid or expired
token '%s'"
+ % JIRA_ACCESS_TOKEN
+ )
+ sys.exit(msg)
+ else:
+ raise e
+elif JIRA_USERNAME and JIRA_PASSWORD:
+ print("You can use JIRA_ACCESS_TOKEN instead of
JIRA_USERNAME/JIRA_PASSWORD.")
+ print("Visit https://issues.apache.org/jira/secure/ViewProfile.jspa ")
+ print("and click 'Personal Access Tokens' menu to manage your own tokens.")
+ jira_client = JIRA(jira_options, basic_auth=(JIRA_USERNAME, JIRA_PASSWORD))
+else:
+ sys.exit("JIRA_ACCESS_TOKEN must be set.")
+
+
# Write new contributors list to <old_file_name>.final
if not os.path.isfile(contributors_file_name):
print("Contributors file %s does not exist!" % contributors_file_name)
@@ -70,9 +102,7 @@ if len(sys.argv) > 1:
if INTERACTIVE_MODE:
print("Running in interactive mode. To disable this, provide the
--non-interactive flag.")
-# Setup GitHub and JIRA clients
-jira_options = {"server": JIRA_API_BASE}
-jira_client = JIRA(options=jira_options, basic_auth=(JIRA_USERNAME,
JIRA_PASSWORD))
+# Setup GitHub client
github_client = Github(GITHUB_OAUTH_KEY)
# Load known author translations that are cached locally
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
