...
Excerpt |
---|
If you are writing a script that interacts with Jira through a REST API, you should authenticate using an OAuth token, rather than an embedded username/password. Here we describe one way to do the 'oauth dance' to generate a trusted token using Python 3 - specifically the |
Table of Contents |
---|
On with the instructions.
Last updated |
Warning | ||
---|---|---|
| ||
Personal Access Tokens make this approach obsolete. Use them instead if you are using Jira 8.14 and above. |
Table of Contents |
---|
Establishing OAuth trust
Install Python 3
...
Install Python libraries
Code Block |
---|
pip3 install 'jira[cli]==3.5.0' ipython==8.10 pyjwt |
Yes, you need those particular versions. The jira
library >3.5.0 broke backwards-compat with older Jiras, and ipython > 8.10 is broken for our purposes.
Expand | ||
---|---|---|
| ||
If you get an error:
then pip3 install -U pip should fix it. |
Generate an RSA public key
Code Block |
---|
openssl genrsa -out rsa.pem 2048
openssl rsa -in rsa.pem -pubout -out rsa.pub
|
Create an application link
...
Code Block |
---|
BROWSER='echo %s' jirashell --server https://issues.redradishtech.com --consumer-key monitor-jira-license --key-cert rsa.pem --oauth-dance |
This should print a URL:
No Format |
---|
https://issues.redradishtech.com/plugins/servlet/oauth/authorize?oauth_token=W5dwQnW9PoIPZfW35dINpl1V86Hq8wPY
Your browser is opening the OAuth authorization for this client session.
Have you authorized this program to connect on your behalf to https://issues.redradishtech.com? (y/n) |
Expand | ||
---|---|---|
| ||
If, instead of printing a URL, the jirashell command just prints:
That means your |
Expand | ||
---|---|---|
| ||
Jirashell would normally try to launch your preferred web browser, using the webbrowser library. By setting the BROWSER env variable, we tell Python not to bother, and just print the URL for us to manually cut & paste. This is require required for server environments, where |
This should print a URL. Open it in your browserAt this point you need to decide which JIRA user you want to grant OAuth access as. For most scripts you should create a dedicated JIRA role account with reduced privileges. Log out and back in to JIRA as that user, (or use switchuser.jsp) then open the link:
Click *'Allow* ' in the Browser window:
After the URL, your terminal also should have displayed:
...
Test your OAuth token
Now embed the 'Request consumer_key', 'access_token' and 'Request access_token_secret' values you saw above into a new jirashell command:
...
Code Block |
---|
$ cp venv/bin/jirashell check-jira-license $ vim check-jira-license # Make changes $ cat check-jira-license #!/home/jturner/src/redradish/nagios-jira-license/venv/bin/python3 # -*- coding: utf-8 -*- import re import sys from jira.jirashell import get_config, JIRA def main()if __name__ == '__main__': options, basic_auth, oauth, kerberos_auth = get_config() jira = JIRA( options=options, oauth=oauth) print(jira.server_info()) if __name__ == '__main__': ) sys.exit(mainprint(jira.server_info()) |
This command can then be invoked using the same command-line flags as jirashell
:
...