From c33f5f5104e9c636246a183717da1336d0719b37 Mon Sep 17 00:00:00 2001
From: Sirajudeen <sirajudeen.yasin@gmail.com>
Date: Thu, 22 Oct 2020 14:30:28 +0000
Subject: [PATCH] Use token for github Authentication

* Move from user/passwd to token based auth for
  github api access
* Github password based authentication will be deprecated soon
  https://developer.github.com/changes/2020-02-14-deprecating-password-auth/

Change-Id: Ic5af5bcf6ceb9828f2df7cca97e73c713dc79c1e
Closes: #373
---
 ...rship-airshipctl-update-github-issues.yaml |  3 +--
 playbooks/files/update_github_issues.py       |  9 +++----
 zuul.d/jobs.yaml                              |  2 +-
 zuul.d/secrets.yaml                           | 25 +++++++++----------
 4 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/playbooks/airship-airshipctl-update-github-issues.yaml b/playbooks/airship-airshipctl-update-github-issues.yaml
index dbadfc94e..7b8fd1593 100644
--- a/playbooks/airship-airshipctl-update-github-issues.yaml
+++ b/playbooks/airship-airshipctl-update-github-issues.yaml
@@ -27,8 +27,7 @@
         executable: pip3
     - name: Run python script
       script: >
-        update_github_issues.py "{{ github_credentials.username }}" \
-          "{{ github_credentials.password }}" \
+        update_github_issues.py "{{ github_credentials.token }}" \
           "{{ zuul.message | b64decode }}" \
           "{{ zuul.change_url }}"
       args:
diff --git a/playbooks/files/update_github_issues.py b/playbooks/files/update_github_issues.py
index 1d2c36c80..cde7e0d4b 100755
--- a/playbooks/files/update_github_issues.py
+++ b/playbooks/files/update_github_issues.py
@@ -15,10 +15,9 @@ import sys
 
 import github
 
-GH_USER = sys.argv[1]
-GH_PW = sys.argv[2]
-ZUUL_MESSAGE = sys.argv[3]
-GERRIT_URL = sys.argv[4]
+GH_TOKEN = sys.argv[1]
+ZUUL_MESSAGE = sys.argv[2]
+GERRIT_URL = sys.argv[3]
 REPO_NAME = 'airshipit/airshipctl'
 PROCESS_LABELS = ['wip', 'ready for review', 'triage', 'blocked']
 
@@ -65,7 +64,7 @@ def remove_duplicated_issue_numbers(issue_dict: dict) -> dict:
 if __name__ == '__main__':
     issue_number_dict = parse_issue_number(ZUUL_MESSAGE)
     issue_number_dict = remove_duplicated_issue_numbers(issue_number_dict)
-    gh = github.Github(GH_USER, GH_PW)
+    gh = github.Github(GH_TOKEN)
     repo = gh.get_repo(REPO_NAME)
     for key, issue_list in issue_number_dict.items():
         for issue_number in issue_list:
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index e2b7656b1..3969ab47b 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -44,7 +44,7 @@
     nodeset: airship-airshipctl-single-node
     secrets:
       - name: github_credentials
-        secret: airship_airshipctl_airshipit_github_username_password
+        secret: airship_airshipctl_airshipit_github_token
 
 - job:
     name: airship-airshipctl-build-image
diff --git a/zuul.d/secrets.yaml b/zuul.d/secrets.yaml
index 8f870cba0..f0bcba8aa 100644
--- a/zuul.d/secrets.yaml
+++ b/zuul.d/secrets.yaml
@@ -59,20 +59,19 @@
           595F3m2UtgR6QKN5xbJJmWp7ipihdRvQ1eVl5GCjG7MBi27YvILp4cIWg+MO1I=
 
 - secret:
-    name: airship_airshipctl_airshipit_github_username_password
+    name: airship_airshipctl_airshipit_github_token
     data:
-      username: airshipbot
-      password: !encrypted/pkcs1-oaep
-        - jaGJaxWV5B0TyKTGk776biSWBv9MGQyVpm4vYvyofLVYit4TgVYT6rySnQCxt7V8Bu01F
-          UyS43JQ2iyPZmeF1mMlsDyyiXva8g53tYYkjtgRczqm/miRJ10Y597VOpa0iLAifeARBE
-          5k8npntsoMGJ7nryyjVcs1oSxvcylixjYnf/eERen2OcaxmDdNcnJt05/ra6FXDUgND3k
-          2WxO570cIBei6LXNXfwLuwQKxEmqMcvjYrLiNvvhNhgBrAVty24B43WDGJ2j+lghxaoUS
-          snCcKP1YQDMzI5vmVw2epIEL6889LdtwNWzqHW/CgSd9ZItI8Fvkagchg8NKNmqTdAJGr
-          a8PQDmn74pO1pyMqtAzPCHAgaqvCdzEq3AZ07jigw08BGa3R5ShT+q90f4KmPQ0PV6myv
-          Naq4h8+XAnnF5Rf4+bcGQtWg5mX7JOaEpXbfhuiolyKgdqirC7lXtvLTugHuUVXJ8FRNR
-          J1bBxnfCcbR/sGQJb0PjS9fmvpWBoGGdlimrL96tKVIgvFvrEh/ttiIVr1WqVic6JTOuP
-          Tzg9kzqldSJrMz6DXAx4wpGCIwnef9IUhHGCf1etJg79xq2MsXIswl0Q1kpy1VAbkVop8
-          40eF9fKucscyJCA9kpdzg8O+ZBajJK8NFd20JyblBNxCb+4X+a9mAux942jT7A=
+      token: !encrypted/pkcs1-oaep
+        - C4sCU3SRapwEj7TQTV1L+8VJGEdMmPFANnLbZ/Wn/ZQu8UTmcV/4dv4Lgcu6jaXJBE3sd
+          25EWuxEn2x5Q19+M0jqYLrJisJUbnBoOh1OhRZbx1bpjgpz/ZE9vbftYy3XE4DV5Y/s2S
+          Ws/gK1l7AhPs0BDHY7+WqB+n8pI/vaxuhIsd6Bii0cG2eOt0A2blolSVTnNmZnde9njhv
+          fodq9NT0eJ1BfFWViSI1JO/2s0M5Q1vdbNUmXHZYB62mA9Y5ZezXlj2iusjbrL0vXaVlB
+          FowH/XSB3FOyup/JzFtczUzQJ2r/RWgP3w2G5ZFSBic5UBIFGyIPhW6AGrgx4cWDPyhG+
+          QsTaiGlKHawEZtK97/2ozoFaKJOsojmElY2FlMSEN/ZoXVUBnnCs6pcT+87D/iJ9kZlUI
+          MEXKkuRu2ug+oMpvJTOf9in32JpgcuhPqfHa2DCH1Al3WKUC62KsoUOHlf+5SDAxzCaub
+          IW5Bjeacl2jIlZsstPBJLXrUFV7gsx7Cj04EjdG05uTushjdDOT+E/xCINxYPVJbyesIu
+          3nNJpTSEOfUzK0h01HJxQM51vC2DAf6WpACHPpxwQ/hpXNd6SYCqCeF9rbsDX3rCnNQoz
+          kL+NUx24hlj9btN7uIb89GxT7eukdbZE8PspHhe/jrehb3IJsLVX7xOtroNx80=
 
 - secret:
     name: airshipctl_image_repo_credentials