SERVER-33424 Change update_test_lifecycle.py script to use OAuth when authenticating to JIRA

4 files changed, 55 insertions, 31 deletions

diff --git a/buildscripts/jiraclient.py b/buildscripts/jiraclient.py
index d3dd1038c71..a6896a6186d 100644
--- a/buildscripts/jiraclient.py
+++ b/buildscripts/jiraclient.py
@@ -12,11 +12,34 @@ class JiraClient(object):
     FIXED_RESOLUTION_NAME = "Fixed"
     WONT_FIX_RESOLUTION_NAME = "Won't Fix"
 
-    def __init__(self, server, username, password):
+    def __init__(self,
+                 server,
+                 username=None,
+                 password=None,
+                 access_token=None,
+                 access_token_secret=None,
+                 consumer_key=None,
+                 key_cert=None):
         """Initialize the JiraClient with the server URL and user credentials."""
         opts = {"server": server, "verify": True}
-        auth = (username, password)
-        self._jira = jira.JIRA(options=opts, basic_auth=auth)
+        basic_auth = None
+        oauth_dict = None
+        if access_token and access_token_secret and consumer_key and key_cert:
+            oauth_dict = {
+                "access_token": access_token,
+                "access_token_secret": access_token_secret,
+                "consumer_key": consumer_key,
+                "key_cert": key_cert
+            }
+        elif username and password:
+            basic_auth = (username, password)
+        else:
+            raise TypeError("Must specify Basic Auth (using arguments username & password)"
+                            " or OAuth (using arguments access_token, access_token_secret,"
+                            " consumer_key & key_cert_file) credentials")
+        self._jira = jira.JIRA(
+            options=opts, basic_auth=basic_auth, oauth=oauth_dict, validate=True)
+
         self._transitions = {}
         self._resolutions = {}
 
diff --git a/buildscripts/requirements.txt b/buildscripts/requirements.txt
index 83242c053ff..6a6aec669a1 100644
--- a/buildscripts/requirements.txt
+++ b/buildscripts/requirements.txt
@@ -1,4 +1,8 @@
+# Jira integration
+cryptography == 1.7.2
 jira == 1.0.10
+pyjwt == 1.5.3
+# Other
 pyyaml == 3.11
 unittest-xml-reporting == 2.1.0
 # Linters
diff --git a/buildscripts/update_test_lifecycle.py b/buildscripts/update_test_lifecycle.py
index a86c7719fc0..887f0cc78af 100755
--- a/buildscripts/update_test_lifecycle.py
+++ b/buildscripts/update_test_lifecycle.py
@@ -30,6 +30,7 @@ if __name__ == "__main__" and __package__ is None:
 from buildscripts import git
 from buildscripts import jiraclient
 from buildscripts import resmokelib
+from buildscripts.resmokelib import utils
 from buildscripts.resmokelib.utils import globstar
 from buildscripts import test_failures as tf
 from buildscripts.ciconfig import evergreen as ci_evergreen
@@ -570,8 +571,22 @@ class JiraIssueCreator(object):
     _PROJECT = "TIGBOT"
     _MAX_DESCRIPTION_SIZE = 32767
 
-    def __init__(self, jira_server, jira_user, jira_password):
-        self._client = jiraclient.JiraClient(jira_server, jira_user, jira_password)
+    def __init__(self,
+                 server=None,
+                 username=None,
+                 password=None,
+                 access_token=None,
+                 access_token_secret=None,
+                 consumer_key=None,
+                 key_cert=None):
+        self._client = jiraclient.JiraClient(
+            server=server,
+            username=username,
+            password=password,
+            access_token=access_token,
+            access_token_secret=access_token_secret,
+            consumer_key=consumer_key,
+            key_cert=key_cert)
 
     def create_issue(self, evg_project, mongo_revision, model_config, added, removed, cleaned_up):
         """Create a JIRA issue for the test lifecycle tag update."""
@@ -845,21 +860,6 @@ class LifecycleTagsFile(object):
             return False
 
 
-def _read_jira_configuration(jira_config_file):
-    with open(jira_config_file, "r") as fstream:
-        jira_config = yaml.safe_load(fstream)
-    return (_get_jira_parameter(jira_config, "server"),
-            _get_jira_parameter(jira_config, "user"),
-            _get_jira_parameter(jira_config, "password"))
-
-
-def _get_jira_parameter(jira_config, parameter_name):
-    value = jira_config.get(parameter_name)
-    if not value:
-        LOGGER.error("Missing parameter '%s' in JIRA configuration file", parameter_name)
-    return value
-
-
 def make_lifecycle_tags_file(options, model_config):
     """Create a LifecycleTagsFile based on the script options."""
     if options.commit:
@@ -869,13 +869,7 @@ def make_lifecycle_tags_file(options, model_config):
         if not (options.git_user_name or options.git_user_email):
             LOGGER.error("Git configuration parameters are required when specifying --commit.")
             return None
-        jira_server, jira_user, jira_password = _read_jira_configuration(options.jira_config)
-        if not (jira_server and jira_user and jira_password):
-            return None
-
-        jira_issue_creator = JiraIssueCreator(jira_server,
-                                              jira_user,
-                                              jira_password)
+        jira_issue_creator = JiraIssueCreator(**utils.load_yaml_file(options.jira_config))
         git_config = (options.git_user_name, options.git_user_email)
     else:
         jira_issue_creator = None
diff --git a/etc/evergreen.yml b/etc/evergreen.yml
index e9e6ed48a50..973d8a51226 100644
--- a/etc/evergreen.yml
+++ b/etc/evergreen.yml
@@ -4604,16 +4604,19 @@ tasks:
 
         # Create the jira credentials configuration file
         cat > ~/.jira.yml <<END_OF_CREDS
-        user: "${testlifecycle_jira_user}"
-        password: "${testlifecycle_jira_password}"
         server: "https://jira.mongodb.org"
+        access_token: "${testlifecycle_jira_access_token}"
+        access_token_secret: "${testlifecycle_jira_access_token_secret}"
+        consumer_key: "${testlifecycle_jira_consumer_key}"
+        key_cert: |
+        $(echo "${testlifecycle_jira_key_certificate}" | sed  's/^/  /')
         END_OF_CREDS
 
         set -o verbose
 
         ${activate_virtualenv}
-        # Install Python jira client with pip until it is available in the toolchain
-        pip install jira==1.0.10
+        # Install Python modules to support OAuth with pip until it is available in the toolchain.
+        pip install cryptography==1.7.2 pyjwt==1.5.3
 
         # We use a small batch size to avoid hitting the load balancer timeout if the Evergreen
         # API query is not fast enough.