Enable Jira Cloud Basic auth for firewatch report step

[amp-rh]

Summary

Update the firewatch-report-issues step to support Jira Cloud Basic auth (email + API token) after the migration to Atlassian Cloud (redhat.atlassian.net).

Problem

After Jira migrated to Atlassian Cloud, firewatch write operations fail:

• HTTP 415 (before RedHatQE/firewatch#267): Content-Type 'null' is not supported
• HTTP 403 (after #267): Failed to parse Connect Session Auth Token

Bearer token auth works for read operations (search, connection) but fails on writes (issue updates, label changes). Jira Cloud requires Basic auth (email + API token) for write operations.

Changes

1. firewatch-report-issues-ref.yaml:

   • Update default FIREWATCH_JIRA_SERVER from https://issues.redhat.com to https://redhat.atlassian.net
   • Add FIREWATCH_JIRA_EMAIL_PATH env var (defaults to /tmp/secrets/jira/email)

2. firewatch-report-issues-commands.sh:

   • Pass --email to jira-config-gen when the email file exists in the credential secret

Prerequisites

An email key must be added to the firewatch-tool-jira-credentials secret in the test-credentials namespace containing the service account email for Jira Cloud.

Related

• RedHatQE/firewatch#266: Core Jira Cloud migration (Basic auth, API v3, accountId)
• RedHatQE/firewatch#267: Fix HTTP 415 on label updates
• #76368: WIP test for Jira Cloud token validation
• Evidence of 403 on write ops: build log

/cc @sg-rh @oharan2

Made with Cursor

[openshift-ci-robot]

[REHEARSALNOTIFIER]
@amp-rh: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-CSPI-QE-MSI-rhods-rhoam-v4.14-stage-co-exist-rosa-rhoai-rhoam	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-acm-observability-v4.14-stage-multi-cluster-observability-4-14-rosa-acm-gcp-mngd-rosa-mngd	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhods-rhoam-v4.15-stage-co-exist-rosa-rhoai-rhoam	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhods-rhoam-v4.14-production-co-exist-rosa-rhoai-rhoam	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-addon-interop-v4.15-GA-smoke-rosa-rhoai-addon-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-IIB-smoke-rosa-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-IIB-smoke-osd-gcp-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-IIB-smoke-osd-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-IIB-smoke-ipi-aws-addon-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-hypershift-IIB-smoke-rosa-rhoai-hypershift	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-hypershift-GA-stage-smoke-rosa-rhoai-hypershift	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-stage-smoke-rosa-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-stage-smoke-osd-gcp-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-stage-smoke-osd-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-stage-smoke-ipi-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-hypershift-GA-production-smoke-rosa-rhoai-hypershift	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-production-smoke-rosa-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-production-smoke-osd-gcp-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-production-smoke-osd-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-CSPI-QE-MSI-rhoai-operator-interop-v4.14-GA-production-smoke-ipi-aws-rhoai-baseline-fips	CSPI-QE/MSI	presubmit	Registry content changed
pull-ci-red-hat-data-services-ods-ci-release-2.19-rhoai-ocp4.19-interop-rhoai-interop-aws	red-hat-data-services/ods-ci	presubmit	Registry content changed
periodic-ci-quay-quay-tests-master-ocp-414-quay-quay-e2e-tests-quay313-ocp414-lp-interop	N/A	periodic	Registry content changed
periodic-ci-quay-quay-tests-master-ocp-419-quay-quay-e2e-tests-quay313-ocp419-lp-interop-fips	N/A	periodic	Registry content changed
periodic-ci-insights-qe-iqe-cost-management-plugin-master-ocp4.20-lp-interop-cost-management-interop-aws-fips	N/A	periodic	Registry content changed
periodic-ci-openshift-pipelines-release-tests-release-v1.19-openshift-pipelines-ocp4.20-lp-interop-openshift-pipelines-interop-aws	N/A	periodic	Registry content changed

A total of 484 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here
Prior to this PR being merged, you will need to either run and acknowledge or opt to skip these rehearsals.

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse list to get an up-to-date list of affected jobs
Comment: /pj-rehearse abort to abort all active rehearsals
Comment: /pj-rehearse network-access-allowed to allow rehearsals of tests that have the restrict_network_access field set to false. This must be executed by an openshift org member who is not the PR author

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[oharan2]

/lgtm

[shakyav]

/lgtm

[amp-rh]

/pj-rehearse ack

[openshift-ci-robot]

@amp-rh: now processing your pj-rehearse request. Please allow up to 10 minutes for jobs to trigger or cancel.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amp-rh, oharan2, sg-rh, shakyav

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• ci-operator/step-registry/firewatch/report-issues/OWNERS [amp-rh,oharan2,sg-rh,shakyav]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@amp-rh: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.