From 8aa0e24661816fa12bffce577db1705ae4abc049 Mon Sep 17 00:00:00 2001 From: Michael Pruitt Date: Thu, 19 Mar 2026 08:29:10 -0500 Subject: [PATCH] Enable Jira Cloud Basic auth for firewatch report step Update the firewatch-report-issues step to support Jira Cloud Basic auth (email + API token) required after the migration to Atlassian Cloud. Bearer token auth returns HTTP 403 on write operations (issue updates, label changes) with "Failed to parse Connect Session Auth Token". Changes: - Update default JIRA_SERVER to https://redhat.atlassian.net - Add FIREWATCH_JIRA_EMAIL_PATH env var (reads from credential secret) - Pass --email to jira-config-gen when the email file exists Requires adding an 'email' key to the firewatch-tool-jira-credentials secret in the test-credentials namespace. Made-with: Cursor --- .../report-issues/firewatch-report-issues-commands.sh | 9 +++++++-- .../report-issues/firewatch-report-issues-ref.yaml | 5 ++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh b/ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh index 005ed25e1ae46..0597051b1c151 100644 --- a/ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh +++ b/ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-commands.sh @@ -4,8 +4,13 @@ set -o nounset set -o errexit set -o pipefail -# Create the Jira configuration file -firewatch jira-config-gen --token-path "${FIREWATCH_JIRA_API_TOKEN_PATH}" --server-url "${FIREWATCH_JIRA_SERVER}" +jira_config_cmd="firewatch jira-config-gen --token-path ${FIREWATCH_JIRA_API_TOKEN_PATH} --server-url ${FIREWATCH_JIRA_SERVER}" + +if [ -f "${FIREWATCH_JIRA_EMAIL_PATH}" ]; then + jira_config_cmd+=" --email $(cat "${FIREWATCH_JIRA_EMAIL_PATH}")" +fi + +eval "${jira_config_cmd}" report_command="firewatch report" diff --git a/ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-ref.yaml b/ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-ref.yaml index 1c8ee28399fce..f3da045038b39 100644 --- a/ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-ref.yaml +++ b/ci-operator/step-registry/firewatch/report-issues/firewatch-report-issues-ref.yaml @@ -18,11 +18,14 @@ ref: memory: 100Mi env: - name: FIREWATCH_JIRA_SERVER - default: https://issues.redhat.com + default: https://redhat.atlassian.net documentation: The Jira server issues are to be reported to. - name: FIREWATCH_JIRA_API_TOKEN_PATH default: /tmp/secrets/jira/access_token documentation: The path to the file containing the Jira API token. + - name: FIREWATCH_JIRA_EMAIL_PATH + default: /tmp/secrets/jira/email + documentation: The path to the file containing the email address for Jira Cloud Basic auth. If the file exists, Basic auth (email + API token) is used instead of Bearer token auth. - name: FIREWATCH_FAIL_WITH_TEST_FAILURES default: "false" documentation: If you would like this ref to fail with a non-zero exit code if a test failure is found, set to "true"