Programmatic access to Trac

[Zach Pearson]

I like Trac and I recognize the strengths it gives us, but I'm pretty envious of the GitHub close-on-push workflow. It's kind of a nightmare to try and remember to link the commit that closed a ticket to the ticket.

I'd like it if when I pushed commits to GitHub, some script would look at the commit and if it closes a ticket, copy the body of the commit into a Trac comment and close the ticket.

Say the commit was

fix(bundle): Summary
<reasoning>
Fixes Trac#15118

To update Trac tickets, you have to first GET the ticket and note the time of the most recent change, then include that in your subsequent request. Trac will check it against what it thinks the most recent change time is and reject your request if it is older, to prevent out of order edits. So the script would GET /trac/ChimeraX/15118, note the most recent change (in the <head> HTML tag Trac includes a script that has a list of JSON objects describing all changes with timestamps) then POST

__FORM_TOKEN: <form token from Trac cookie>
comment: [https://www.github.com/rbvi/ChimeraX/<commit hash> Fixed:] + <commit body>
action: resolve
action_resolve_resolve_resolution: fixed
submit: Submit changes
field_reporter: <user>
start_time: <most recent change time from get>
view_time: <most recent change time from get>

Having this be a client side utility is somewhat more flexible because there can be other resolutions to tickets that aren't prompted by commits, like invalid, wontfix, or 'can't reproduce'. I can write code that formats the comment for me and sends the request. I'm just unable to figure out how to authenticate to our Trac on the command line since it is kerberized.

I copied krb5.conf to my local machine and added my identity to it

ktutil add --keytab=/etc/kbr5.keytab -p zjp@CGL.UCSF.EDU -w $(rbw get cgl) -e aes256-cts-hmac-sha1-96 -V 1
(rbw is a command line program to access Bitwarden vaults)

then I ran kinit and got a TGT (I think)?

But I can't successfully authenticate.

curl -v --negotiate -u: https://rbvi.ucsf.edu/admin/kerbtest.py

Gives me a 401

I also see * gss_init_sec_context() failed: An unsupported mechanism was requested. unknown mech-code 0 for mech unknown. in the output, but I think this might be a red herring. I also get a 401 at first on my browser, then a popup window asking for my username and password. Then when I enter that, I get no indication of anything happening. My request for the original page simply goes through.

[Zach Pearson]

No need to milestone.

[Eric Pettersen]

Well, my poor-man's version of this is to just go to GitHub after the push and click on the link to the most recent develop commit (which is near the top of the GitHub page), copy that URL and paste it into the ticket.

[Zach Pearson]

I discovered that actually, the --negotiate flag to curl was unnecessary. Various StackOverflow posts on authenticating to Kerberized APIs insist that you need to pass the --negotiate flag to curl, but in our case they are wrong and simple username-password auth works and sets Trac cookies accordingly.