def add_metadata_cli(runtime, kind, impetus, advisory):
"""Add metadata to an advisory. This is usually called by
create immediately after creation. It is only useful to you if
you are going back and adding metadata to older advisories.
Note: Requires you provide a --group
Example to add standard metadata to a 3.10 images release
\b
$ elliott --group=openshift-3.10 add-metadata --impetus standard --kind image
"""
runtime.initialize()
release = release_from_branch(runtime.group_config.branch)
try:
advisory = Erratum(errata_id=advisory)
except GSSError:
exit_unauthenticated()
result = elliottlib.errata.add_comment(
advisory.errata_id, {'release': release, 'kind': kind, 'impetus': impetus})
if result.status_code == 201:
green_prefix("Added metadata successfully")
click.echo()
elif result.status_code == 403:
exit_unauthorized()
else:
red_print("Something weird may have happened")
raise ElliottFatalError(
"Unexpected response from ET API: {code}".format(code=result.status_code))
def create_textonly(runtime, errata_type, date, assigned_to, manager,
package_owner, topic, synopsis, description, solution,
bug_title, bug_description, yes, bug_tracker: BugTracker):
et_data = runtime.gitdata.load_data(key='erratatool').data
try:
erratum = Erratum(
product=et_data['product'],
release=et_data['release'],
qe_group=et_data['quality_responsibility_name'],
synopsis=synopsis,
topic=topic,
description=description,
solution=solution,
qe_email=assigned_to,
errata_type=errata_type,
owner_email=package_owner,
manager_email=manager,
date=date,
text_only=1,
)
except elliottlib.exceptions.ErrataToolUnauthorizedException:
exit_unauthorized()
except elliottlib.exceptions.ErrataToolError as ex:
raise repr(ex)
cdn_repos = et_data.get('cdn_repos')
if cdn_repos:
click.echo(f"Configuring CDN repos {', '.join(cdn_repos)}...")
erratum.textOnlyRepos(enable=cdn_repos)
if yes:
erratum.commit()
green_prefix("Created new text only advisory: ")
click.echo(str(erratum))
bug = bug_tracker.create_textonly(bug_title, bug_description)
click.echo(f"Created placeholder bug: {bug.id} {bug.webur}")
click.echo("Attaching placeholder bug...")
bug_tracker.attach_bugs(erratum.errata_id, [bug.id])
else:
green_prefix("Would have created advisory: ")
click.echo("")
click.echo(erratum)
def create_cli(ctx, runtime, errata_type, kind, impetus, date, assigned_to,
manager, package_owner, with_placeholder, with_liveid, yes,
bugs):
"""Create a new advisory. The kind of advisory must be specified with
'--kind'. Valid choices are 'rpm' and 'image'.
You MUST specify a group (ex: "openshift-3.9") manually using the
--group option. See examples below.
You must set a Release Date by providing a YYYY-Mon-DD formatted string to the
--date option.
The default behavior for this command is to show what the generated
advisory would look like. The raw JSON used to create the advisory
will be printed to the screen instead of posted to the Errata Tool
API.
The impetus option only affects the metadata added to the new
advisory and its synopsis.
The --assigned-to, --manager and --package-owner options are required.
They are the email addresses of the parties responsible for managing and
approving the advisory.
Adding a list of bug ids with one or more --bugs arguments attaches those bugs to the
advisory on creation.
Provide the '--yes' or '-y' option to confirm creation of the
advisory.
PREVIEW an RPM Advisory 21 days from now (the default release date) for OSE 3.9:
$ elliott --group openshift-3.9 create
CREATE Image Advisory for the 3.5 series on the first Monday in March:
\b
$ elliott --group openshift-3.5 create --yes -k image --date 2018-Mar-05
"""
runtime.initialize()
et_data = runtime.gitdata.load_data(key='erratatool').data
# User entered a valid value for --date, set the release date
release_date = datetime.datetime.strptime(date, YMD)
######################################################################
unique_bugs = set(bugs)
if bugs:
bug_tracker = BugzillaBugTracker(
BugzillaBugTracker.get_config(runtime))
LOGGER.info("Fetching bugs {} from Bugzilla...".format(" ".join(
map(str, bugs))))
bug_objects = bug_tracker.get_bugs(bugs)
# assert bugs are viable for a new advisory.
_assert_bugs_are_viable(bugs, bug_objects)
######################################################################
try:
erratum = elliottlib.errata.new_erratum(
et_data,
errata_type=errata_type,
kind=kind,
boilerplate_name=(impetus if impetus != "standard" else kind),
release_date=release_date.strftime(YMD),
assigned_to=assigned_to,
manager=manager,
package_owner=package_owner)
except elliottlib.exceptions.ErrataToolUnauthorizedException:
exit_unauthorized()
except elliottlib.exceptions.ErrataToolError as ex:
raise ElliottFatalError(getattr(ex, 'message', repr(ex)))
erratum.addBugs(unique_bugs)
if yes:
erratum.commit()
green_prefix("Created new advisory: ")
click.echo(str(erratum))
# This is a little strange, I grant you that. For reference you
# may wish to review the click docs
#
# http://click.pocoo.org/5/advanced/#invoking-other-commands
#
# You may be thinking, "But, add_metadata doesn't take keyword
# arguments!" and that would be correct. However, we're not
# calling that function directly. We actually use the context
# 'invoke' method to call the _command_ (remember, it's wrapped
# with click to create a 'command'). 'invoke' ensures the correct
# options/arguments are mapped to the right parameters.
ctx.invoke(add_metadata_cli,
kind=kind,
impetus=impetus,
advisory=erratum.errata_id)
click.echo(str(erratum))
if with_placeholder:
click.echo("Creating and attaching placeholder bug...")
ctx.invoke(create_placeholder_cli,
kind=kind,
advisory=erratum.errata_id)
if with_liveid:
click.echo("Requesting Live ID...")
base_url = "https://errata.devel.redhat.com/errata/set_live_advisory_name"
cmd_assert(
f"curl -X POST --fail --negotiate -u : {base_url}/{erratum.errata_id}",
retries=3,
pollrate=10,
)
else:
green_prefix("Would have created advisory: ")
click.echo("")
click.echo(erratum)
def create_textonly_cli(ctx, runtime, errata_type, date, assigned_to, manager,
package_owner, topic, synopsis, description, solution,
bugtitle, bugdescription, yes):
"""
Create a text only advisory with all required input passed from args, need to manually decide the statement for each release.
Also will create the notification bug along with the text only advisory, the bug also need some special comment and title.
These args need to be designated manually for text only advisory:
- topic
- synopsis
- description
- solution
- assigned
These args need to be designated manually for text only bug:
- bugtitle
- bugdescription
"""
runtime.initialize()
# create textonly bug
bz_data = runtime.gitdata.load_data(key='bugzilla').data
newbug = elliottlib.bzutil.create_textonly(bz_data, bugtitle,
bugdescription)
click.echo("Created BZ: {} {}".format(newbug.id, newbug.weburl))
# create textonly advisory
et_data = runtime.gitdata.load_data(key='erratatool').data
try:
erratum = Erratum(
product=et_data['product'],
release=et_data['release'],
qe_group=et_data['quality_responsibility_name'],
synopsis=synopsis,
topic=topic,
description=description,
solution=solution,
qe_email=assigned_to,
errata_type=errata_type,
owner_email=package_owner,
manager_email=manager,
date=date,
text_only=1,
)
except elliottlib.exceptions.ErrataToolUnauthorizedException:
exit_unauthorized()
except elliottlib.exceptions.ErrataToolError as ex:
raise repr(ex)
erratum.addBugs(newbug.id)
cdn_repos = et_data.get('cdn_repos')
if cdn_repos:
click.echo(f"Configuring CDN repos {', '.join(cdn_repos)}...")
erratum.textOnlyRepos(enable=cdn_repos)
if yes:
erratum.commit()
green_prefix("Created new text only advisory: ")
click.echo(str(erratum))
else:
green_prefix("Would have created advisory: ")
click.echo("")
click.echo(erratum)
def create_cli(ctx, runtime, errata_type, kind, impetus, date, assigned_to, manager, package_owner, with_placeholder, yes, bugs):
"""Create a new advisory. The kind of advisory must be specified with
'--kind'. Valid choices are 'rpm' and 'image'.
You MUST specify a group (ex: "openshift-3.9") manually using the
--group option. See examples below.
You must set a Release Date by providing a YYYY-Mon-DD formatted string to the
--date option.
The default behavior for this command is to show what the generated
advisory would look like. The raw JSON used to create the advisory
will be printed to the screen instead of posted to the Errata Tool
API.
The impetus option only effects the metadata added to the new
advisory and its synopsis.
The --assigned-to, --manager and --package-owner options are required.
They are the email addresses of the parties responsible for managing and
approving the advisory.
Adding a list of bug ids with one or more --bugs arguments attaches those bugs to the
advisory on creation. When creating a security advisory, the list of bugs will also be checked for any CVE flaw
bugs which they are blocking, and those will be added as well. Any CVE flaw bugs
being added will also calculate the Impact for the release if it's type is RHSA.
Provide the '--yes' or '-y' option to confirm creation of the
advisory.
PREVIEW an RPM Advisory 21 days from now (the default release date) for OSE 3.9:
$ elliott --group openshift-3.9 create
CREATE Image Advisory for the 3.5 series on the first Monday in March:
\b
$ elliott --group openshift-3.5 create --yes -k image --date 2018-Mar-05
"""
# perform sanity checks and provide default values
if errata_type == 'RHSA':
if not bugs:
raise ElliottFatalError(
"When creating an RHSA, you must provide a list of bug id(s) using one or more `--bug` options.")
if not impetus:
impetus = 'cve'
elif impetus != 'cve':
raise ElliottFatalError("Invalid impetus")
elif not impetus:
impetus = 'standard'
runtime.initialize()
et_data = runtime.gitdata.load_data(key='erratatool').data
bz_data = runtime.gitdata.load_data(key='bugzilla').data
impact = None
# User entered a valid value for --date, set the release date
release_date = datetime.datetime.strptime(date, YMD)
######################################################################
flaw_cve_map = {}
impact = None
unique_bugs = set(bugs)
if bugs:
bzapi = elliottlib.bzutil.get_bzapi(bz_data)
LOGGER.info("Fetching bugs {} from Bugzilla...".format(
" ".join(map(str, bugs))))
bug_objects = bzapi.getbugs(bugs)
# assert bugs are viable for a new advisory.
_assert_bugs_are_viable(errata_type, bugs, bug_objects)
if errata_type == 'RHSA':
LOGGER.info("Fetching flaw bugs for trackers {}...".format(" ".join(map(str, bugs))))
tracker_flaws_map = elliottlib.bzutil.get_tracker_flaws_map(bzapi, bug_objects)
impact = elliottlib.bzutil.get_highest_impact(bug_objects, tracker_flaws_map)
flaw_bugs = [flaw for tracker, flaws in tracker_flaws_map.items() for flaw in flaws]
flaw_cve_map = elliottlib.bzutil.get_flaw_aliases(flaw_bugs)
unique_bugs |= set(flaw_cve_map.keys())
######################################################################
try:
erratum = elliottlib.errata.new_erratum(
et_data,
errata_type=errata_type,
kind=kind,
boilerplate_name=(impetus if impetus != "standard" else kind),
release_date=release_date.strftime(YMD),
assigned_to=assigned_to,
manager=manager,
package_owner=package_owner,
impact=impact,
cves=' '.join((alias) for alias in flaw_cve_map.values())
)
except elliottlib.exceptions.ErrataToolUnauthorizedException:
exit_unauthorized()
except elliottlib.exceptions.ErrataToolError as ex:
raise ElliottFatalError(getattr(ex, 'message', repr(ex)))
erratum.addBugs(unique_bugs)
if yes:
erratum.commit()
green_prefix("Created new advisory: ")
click.echo(str(erratum))
if errata_type == 'RHSA':
yellow_print("Remember to manually set the Security Reviewer in the Errata Tool Web UI")
# This is a little strange, I grant you that. For reference you
# may wish to review the click docs
#
# http://click.pocoo.org/5/advanced/#invoking-other-commands
#
# You may be thinking, "But, add_metadata doesn't take keyword
# arguments!" and that would be correct. However, we're not
# calling that function directly. We actually use the context
# 'invoke' method to call the _command_ (remember, it's wrapped
# with click to create a 'command'). 'invoke' ensures the correct
# options/arguments are mapped to the right parameters.
ctx.invoke(add_metadata_cli, kind=kind, impetus=impetus, advisory=erratum.errata_id)
click.echo(str(erratum))
if with_placeholder:
click.echo("Creating and attaching placeholder bug...")
ctx.invoke(create_placeholder_cli, kind=kind, advisory=erratum.errata_id)
else:
green_prefix("Would have created advisory: ")
click.echo("")
click.echo(erratum)