Versions Compared

Old Version 17

changes.mady.by.user Jeff Turner

Saved on

compared with

New Version Current

changes.mady.by.user Jeff Turner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Clarify output

...

Excerpt

If you are writing a script that interacts with Jira through a REST API, you should authenticate using an OAuth token, rather than an embedded username/password. Here we describe one way to do the 'oauth dance' to generate a trusted token using Python 3 - specifically the jirashell  utility from the jira Python package.  jirashell  then forms a useful basis for a Python script. Our example script uses OAuth to call an undocumented REST API for querying license data. Last updated  


Warning
titleObsolete!

Personal Access Tokens make this approach obsolete.  Use them instead if you are using Jira 8.14 and above.


Table of Contents

Establishing OAuth trust

...

Install Python libraries

Code Block
pip3 install -U pip   # upgrade pip to avoid "No module named 'setuptools_rust'" error
pip3 install jira ipython'jira[cli]==3.5.0' ipython==8.10 pyjwt

Yes, you need those particular versions. The jira  library >3.5.0 broke backwards-compat with older Jiras, and ipython > 8.10 is broken for our purposes.

Expand
titleoduleNotFoundErrorModuleNotFoundError: No module named 'setuptools_rust'?

If you get an error:

Code Block
Collecting cryptography>=2.0 (from SecretStorage>=3.2; sys_platform == "linux"->keyring->jira)                                                                                                      
  Downloading https://files.pythonhosted.org/packages/9b/77/461087a514d2e8ece1c975d8216bc03f7048e6090c5166bc34115afdaa53/cryptography-3.4.7.tar.gz (546kB)
    100% |████████████████████████████████| 552kB 2.8MB/s 
    Complete output from command python setup.py egg_info:
     
            =============================DEBUG ASSISTANCE==========================
            If you are seeing an error here please try the following to
            successfully install cryptography:
     
            Upgrade to the latest pip and try again. This will fix errors for most
            users. See: https://pip.pypa.io/en/stable/installing/#upgrading-pip
            =============================DEBUG ASSISTANCE==========================
     
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-xs9c9nwd/cryptography/setup.py", line 14, in <module>
        from setuptools_rust import RustExtension 
    ModuleNotFoundError: No module named 'setuptools_rust'
     
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-xs9c9nwd/cryptography/

then pip3 install -U pip  should fix it.

...

Code Block
BROWSER='echo %s' jirashell --server https://issues.redradishtech.com --consumer-key monitor-jira-license --key-cert rsa.pem --oauth-dance

This should print a URL:

No Format
https://issues.redradishtech.com/plugins/servlet/oauth/authorize?oauth_token=W5dwQnW9PoIPZfW35dINpl1V86Hq8wPY
Your browser is opening the OAuth authorization for this client session.
Have you authorized this program to connect on your behalf to https://issues.redradishtech.com? (y/n)


Expand
titleGetting 'oauth_token' instead of a URL?

If, instead of printing a URL, the jirashell command just prints:

Code Block
'oauth_token'

That means your consumer-key does not exist in Jira (perhaps you copy & pasted the example without substituting yours?). This is an error reporting bug in jirashell.


Expand
titleWhy BROWSER='echo %s'..

Jirashell would normally try to launch your preferred web browser, using the webbrowser library. By setting the BROWSER env variable, we tell Python not to bother, and just print the URL for us to manually cut & paste. This is required for server environments, where lynx isn't able to deal with Jira's Javascript.

...

.



At this point you need to decide which JIRA user you want to grant OAuth access as. For most scripts you should create a dedicated JIRA role account with reduced privileges. Log out and back in to JIRA as that user, (or use switchuser.jsp) then open the link:

...

Click 'Allow' in the Browser window:

...



After the URL, your terminal also should have displayed:

...

Code Block
$ cp venv/bin/jirashell check-jira-license
$ vim check-jira-license   # Make changes
$ cat check-jira-license
#!/home/jturner/src/redradish/nagios-jira-license/venv/bin/python3

# -*- coding: utf-8 -*-
import re
import sys

from jira.jirashell import get_config, JIRA

def main()if __name__ == '__main__':
    options, basic_auth, oauth, kerberos_auth = get_config()

    jira = JIRA(
            options=options,
            oauth=oauth)

         print(jira.server_info())

if __name__ == '__main__': )
    sys.exit(mainprint(jira.server_info())


This command can then be invoked using the same command-line flags as jirashell :

...