action #138446
Updated by livdywan 7 months ago
## Motivation As announced in https://mailman.suse.de/mlarch/SuSE/research/2023/research.2023.10/msg00059.html > As part of hardening the security posture of our internal build service, please be notified that we are going to be **disabling disabling the anonymous read access to IBS effective November 15th**, possibly delayed to November 30 if there's a good reason given. 15th. Following this change, the web user interface of IBS will not allow anonymous access to data and the API will not allow https://api.suse.de/public route. We should ensure that our tooling if relying on that is ready for the change. ## Acceptance criteria * **AC1:** All SUSE QE Tools maintained tooling if using build.suse.de or api.suse.de is using authenticated accesses ## Suggestions * Read the complete thread behind https://mailman.suse.de/mlarch/SuSE/research/2023/research.2023.10/msg00059.html as well as https://suse.slack.com/archives/C02CBB35W5B/p1697791512356939 * Check our tooling for use of build.suse.de or api.suse.de, e.g. https://github.com/openSUSE/qem-bot/ or https://gitlab.suse.de/qa-maintenance/teregen/ or maybe also https://github.com/openSUSE/mtui/ * Setup up or use non-personal bot accounts. According to bmwiedemann from https://suse.slack.com/archives/C02CBB35W5B/p1698157772227709?thread_ts=1697791512.356939&cid=C02CBB35W5B "team-accounts are certainly created via https://idp-portal.suse.com/univention/self-service/#page=createaccount and then need the right permission. either via SD-Ticket or autobuild@suse.de if it only needs to access IBS" * Feed the credentials into the according gitlab CI pipelines and/or add to according user instructions * Ensure all our automated tools as well as user facing tooling works using authenticated accesses * qem-bot and teregen are using osc with a proper bot account, that was implemented in #111998 * mtui is using osc with a user-provided credentials, so it should be also fine