action #138446
Updated by okurz 7 months ago
## Motivation
As announced in https://mailman.suse.de/mlarch/SuSE/research/2023/research.2023.10/msg00059.html
> As part of hardening the security posture of our internal build service, please be notified that we are going to be disabling the anonymous read access to IBS effective November 15th.
Following this change, the web user interface of IBS will not allow anonymous access to data and the API will not allow https://api.suse.de/public route.
We should ensure that our tooling if relying on that is ready for the change.
## Acceptance criteria
* **AC1:** All SUSE QE Tools maintained tooling if using build.suse.de or api.suse.de is using authenticated accesses
## Suggestions
* Read the complete thread behind https://mailman.suse.de/mlarch/SuSE/research/2023/research.2023.10/msg00059.html as well as https://suse.slack.com/archives/C02CBB35W5B/p1697791512356939
* Check our tooling for use of build.suse.de or api.suse.de, e.g. https://github.com/openSUSE/qem-bot/ or https://gitlab.suse.de/qa-maintenance/teregen/ or maybe also https://github.com/openSUSE/mtui/
* Setup up or use non-personal bot accounts. According to bmwiedemann from https://suse.slack.com/archives/C02CBB35W5B/p1698157772227709?thread_ts=1697791512.356939&cid=C02CBB35W5B "team-accounts are certainly created via https://idp-portal.suse.com/univention/self-service/#page=createaccount and then need the right permission. either via SD-Ticket or autobuild@suse.de if it only needs to access IBS"
* Feed accounts, feed the credentials into the according gitlab CI pipelines and/or add to according user instructions
* Ensure all our automated tools as well as user facing tooling works using authenticated accesses
Back