Hi Aurélien!

Thanks for the hard work on the new Bodhi release!

I have a question on the non-interactive way of Bodhi authentication. I
understand that supporting OpenID is hard, but are there some other options
to support this workflow in the future?

A little bit of context:
* We, as a Packit team, work on the automation of various maintenance
tasks. One of them is creating the Bodhi updates. (See packit.dev for more
details.)
* Our users can use Packit via CLI and use their identity for Bodhi
connections. With this, it's not nice, but doable to open a web browser.
(Not sure how this works in the containerised use-cases.)
* But newly, we support this job in our service that uses the `packit` FAS
user to create the updates. Here, it's not possible to open any browser.

So:
* Is there some way to get/generate some token that can be used instead of
doing this browser workflow?
* Do I get it right from what you wrote about `save_override` that we can
generate the session token elsewhere and reuse it in the service? Do you
have some details on how this works so we can start working on the move?
* For other Fedora systems, we use Kerberos authentication, are there some
plans to add it?
* Ideally, I would like to see it solved also for our CLI users, but at
least for Packit's service as a special case.

Thank you in advance for any tips or suggestions!
František Lachman

(CCing the Packit's mailing list.)





On Wed, Apr 6, 2022 at 12:38 PM Aurelien Bompard <abomp...@fedoraproject.org>
wrote:

> Hey everyone!
>
> Bodhi 6.0 will be published in a few days, and deployed to production a
> couple weeks after the Fedora release. It has backwards-incompatible
> changes, here's what you need to know.
>
> == Authentication ==
> Bodhi gained support for OpenID Connect (OIDC) authentication, like most
> of Fedora's webapps. OpenID still works but is not the default; you can
> access it by using `/login?method=openid` as the login URL.
>
> Version 6.0 of the Bodhi client uses only OIDC; plain OpenID support has
> been dropped. Version 5.7.5 of the Bodhi client, however, uses the new
> OpenID login URL and has been available for about a month now. You'll need
> at least version 5.7.5 to use the Bodhi client with the updated server.
>
> The client's API has changed, so if you have a piece of code that imports
> from `bodhi.client`, you'll have to update it to use the new API, and in
> the meantime use version 5.7.5.
>
> As a user of the `bodhi` CLI, you'll notice that the `--username` and
> `--password` options have disappeared. Instead the Bodhi client will ask
> you to open your browser to a URL to authenticate. The authentication
> tokens will be saved and you'll be able to use the `bodhi` CLI without
> authenticating afterwards (or non-interactively).
>
> == Code reorganization ==
> The Bodhi source code has been reorganized to drop the hacks used in
> `setup.py` to support sub-projects. Instead, `bodhi-server`, `bodhi-client`
> and `bodhi-messages` are now actual Python package directories in the repo.
> The import path has not changed.
>
> Bodhi's Python project metadata and dependencies are now managed with
> Poetry <https://python-poetry.org/>.
>
> == Other changes ==
> - Serialized `Release` objects sent in the messages don't contain the
> `composes` property anymore
> - The `koji-build-group.build.complete` messages now contain an `update`
> property
> - In the Bodhi client API, the `save_override()` method has been extended
> to allow setting the expiration date directly
> - Misc bug fixes
>
>
> If you have any questions, feel free to ask the Bodhi team in our matrix
> room: <https://matrix.to/#/#bodhi:matrix.org>.
> If you are importing the bodhi client code in your app/script, or using
> the bodhi client in an "unusual" manner, we'll help you migrate.
>
> Thanks!
>
> Aurélien Bompard
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>