This is partially issue with the test server and partially issue with missing compose_type option in the ODCS compose request done by CCCC.

The ODCS server should be configured in a way that CCCC user defaults to compose_type="test", but because the test ODCS server does not do any authentication, it is not possible to do this configuration.

It is therefore better to just send "compose_type": "test" in the ODCS request. So just change requests_args like this and it should work even on test server:

request_args = {"compose_type": "test"}

https://docs.pagure.org/odcs/api.html#compose-type

@jkaluza Thank you for getting the test server back in order. The previous version of the code was able to call the API and get part way through composes before pungi failed with an error.

My latest push includes provisions for auth via Kerberos and OpenIDC, but I haven't yet tested them. Can our internal test server be used to check out Kerberos and/or OpenIDC authentication by adding entries to ALLOWED_CLIENTS, or is authentication completely disabled?

@jkaluza I'm stuck. I need to talk with you (or someone else in-the-know) next week about authenticating to the ODCS API. I can't find any understandable documentation or examples for using an OpenIDC stored token, so I just guessed. And for Kerberos, the keytab pointed at by environment variable KRB5_CLIENT_KTNAME is ignored. Setting KRB5CCNAME instead does seem to be recognized, but results in complaints that the credentials are bad.

@merlinm, once I get the token from the fedora-infrastructure team, I will send it to you so you can test this code. But what you have there for token file parsing looks OK. It is simple file with token stored inside as plaintext.

For the KRB5_CLIENT_KTNAME, I think it should work. What keytab do you use and what ODCS instance is it?

I think it looks OK. +1 for merging.