From d36ace088e6f8bd618edd6f5f8b8973879c8345b Mon Sep 17 00:00:00 2001 From: Tobias Henkel Date: Tue, 11 Feb 2020 17:54:40 +0100 Subject: [PATCH] Revert "Fix github app authentication to work with checks API endpoints" This breaks the anonymous fallback in GitHub when app authentication is used on repos not having installed the zuul app. This reverts commit 037f2ce53737426a907fda0c7dbe22d51bc062da. Change-Id: Ie601f8412fd5a646284364d0d0ea08ba32e02c26 --- .../notes/app-auth-bd38c5566d8130b3.yaml | 5 ++++ zuul/driver/github/githubconnection.py | 25 +------------------ 2 files changed, 6 insertions(+), 24 deletions(-) create mode 100644 releasenotes/notes/app-auth-bd38c5566d8130b3.yaml diff --git a/releasenotes/notes/app-auth-bd38c5566d8130b3.yaml b/releasenotes/notes/app-auth-bd38c5566d8130b3.yaml new file mode 100644 index 0000000000..eb3285a397 --- /dev/null +++ b/releasenotes/notes/app-auth-bd38c5566d8130b3.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + When using GitHub app authentication the fallback to anonymous access + was broken for repositories not having installed the zuul app. diff --git a/zuul/driver/github/githubconnection.py b/zuul/driver/github/githubconnection.py index 8875f505bc..b15bc4454f 100644 --- a/zuul/driver/github/githubconnection.py +++ b/zuul/driver/github/githubconnection.py @@ -34,7 +34,6 @@ import jwt import requests import github3 import github3.exceptions -from github3.session import AppInstallationTokenAuth from zuul.connection import BaseConnection from zuul.lib.gearworker import ZuulGearWorker @@ -1017,29 +1016,7 @@ class GithubConnection(BaseConnection): # if you're authenticating for a project and you're an integration then # you need to use the installation specific token. if project and self.app_id: - # Call get_installation_key to ensure the token gets refresehd in - # case it's expired. - token = self._get_installation_key(project) - - # To set the AppInstallationAuthToken on the github session, we - # also need the expiry date, but in the correct ISO format. - installation_id = self.installation_map.get(project) - _, expiry = self.installation_token_cache.get(installation_id) - format_expiry = datetime.datetime.strftime( - expiry, "%Y-%m-%dT%H:%M:%SZ" - ) - - # Usually one should use github.login_as_app_installation() to - # authenticate as github app. This method will then request the - # access token for the installation or refresh it if necessary and - # set the correct class on the github.session.auth attribute to be - # identified as github app. As we are alreaedy managing the - # installation tokens by ourselves, we just have to set the correct - # TokenAuth class on the github.session.auth attribute. - github.session.auth = AppInstallationTokenAuth( - token, format_expiry - ) - + github.login(token=self._get_installation_key(project)) github._zuul_project = project github._zuul_user_id = self.installation_map.get(project)