Remote Issue Trackers

Overview of other issue trackers, their capabilities and golang support.

GitHub Issues

Sync Calls:

This library lets you support asynchronous calls through channels.

Callback Support:

  • According to the requirement of Planner the best way is to have Asynchronous requests.

  • The GitHub Go library have a quite good support to do it through channels and function callback as well.

Query:

The query passed is passed as “is:open is:issue user:arquillian author:aslakknutsen”

Individual Lookup:

  • For Public repositories we don’t need any ID or key

  • To access and query the Private repositories we will need the personal access token of the user and authenticate the application as explained further in the Auth section.

Collect Sample Data:

Auth models:

  • To use GitHub API from Go we can use github.com/google/go-github package. GitHub, like many other sites, uses OAuth 2.0 protocol for authentication. There are few packages for Go that implement OAuth. read this sample. Short intro to OAuth for GitHub

  • To access private info about the user via the API in your web app you need to authenticate your app against GitHub website.

  • First, you need to register your application with GitHub (under Developer applications). You provide description of the app, including a callback url (we’ll get back to that). GitHub creates client id and client secret that you’ll need to provide to OAuth libraries (and keep them secret).

  • The flow of OAuth is: the user is on your website and clicks “login with GitHub” link you redirect the user to GitHub’s authorization page. In that url you specify desired access level and a random secret the user authorizes your app by clicking on a link GitHub redirects to a callback url on your website (which you provided when registering the app with GitHub) in the url handler, extract “secret” and “code” args you have to check that the secret is the same as the one you sent to GitHub (security measure that prevents forgery)

  • you call another GitHub url to exchange code for access token Access token is what you use to authenticate your API calls.

Auth work around

1
2
3
4
5
6
7
8
9
10
11
func main() {
  ts := oauth2.StaticTokenSource(
    &oauth2.Token{AccessToken: "... your access token ..."},
  )
  tc := oauth2.NewClient(oauth2.NoContext, ts)

  client := github.NewClient(tc)

  // list all repositories for the authenticated user
  repos, _, err := client.Repositories.List("", nil)
}

Auth levels

Auth Permissions

Public repo

can query without username or API key

Private repo

Need to authenticate App with personal access token

Notes on callback url

callback url is defined when the ap is registered. This is a problem for testing, because your app might use different hosts for development or production. One option is to create different apps for testing and production, with different callback urls. OAuth protocol allows providing callback url as an argument when calling authorization page (and oauth2 library allows setting it as oauth2.Config.RedirectURL) but GitHub has restrictions and doesn’t allow changing host. Using personal access token If you want to access someone else’s GitHub info, you need to authorize your app with GitHub as described above. If you want to access your own account, you can generate a personal access token. For querying a public repository, no auth level is required

Required auth levels for different interactions

  • Query: for public repo no auth required, for private repos required

  • Lookup: Same as querying but for repository app needs to authenticate the user

  • Callback: Same as Query and lookup.

GitHub Golang libraries

Completeness Style Community Feature Support Auth Support Version

Go-GitHub https://github.com/google/go-github

Complete/Accomplish all functionalities which will be needed

Object oriented

1. last commit - on 8 July 2016 2. Last Pull Request - on 10 July 2016 3. Pull requests: 247 4. No. of contributors: 95

All the important features are supported by the library and many are being added continuously

OAuth2 is supported for Github library and the app needs to get registered with github.A description plus a callback url is needed

No version

Github Python libraries

Completeness Style Community Feature Support Auth Support Version

PyGithub https://github.com/PyGithub/PyGithub

Complete

Object oriented

1. last commit - on 8 July 2016 2. Last Pull Request - on 8 July 2016 3. Pull requests: 116 4. No. of contributors: 60

All the important features are supported by the library and many are being added continuously

OAuth2 is supported for Github library and the app needs to get registered with github.A description plus a callback url is needed

49

Trello

Sync calls only

Go Library for trello supports Asynchronous calls through channels.

Callback support

According to the requirements of application the best way is to have Asynchronous requests. And using go channels will solve this issue or function callback is also supported by the library.

Query

Query is given as the boardId and the list name we want to search. >listName: ‘Epic Backlog’, >boardId: ‘nlLwlKoz’

Individual lookup

Lookup through API key can get all its related credentials as the query we have for a particular user for a boardId and a listName

Collect sample data

Auth models:

  • Using the Trello object, we need to authenticate the user. * This is done with the Trello.authenticate method. This method will automatically trigger the OAuth flow and return back a token. This token will be specific to your Application ID and the user who is executing the flow.

  • It’s important to understand that the Authentication Token gives application the ability to make calls on behalf of your user, from their context. This token grants access to the authenticated user’s boards, lists, Cards, and other settings, depending on the permissions you requested in the authenticate method.

Auth Work around

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
package main

import (
    "fmt"
    "log"
    "github.com/VojtechVitek/go-trello"
)

func main() {
    // New Trello Client
    appKey := "application-key"
    token := "token"
    trello, err := trello.NewAuthClient(appKey, &token)
    if err != nil {
        log.Fatal(err)
    }

    // User @trello
    user, err := trello.Member("trello")
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(user.FullName)

    // @trello Boards
    boards, err := user.Boards()
    if err != nil {
        log.Fatal(err)
    }

Auth levels

Auth Permissions

Public board

Need Username

Private board

Need API key and token to authenticate

Required auth levels for different interactions

  • Query : For querying public boards only username is needed. Other than that API key is needed

  • Lookup : Same as Querying, API Key and token are needed for the private boards.

  • Callback: Username, API key and token are needed.

Trello Golang libraries

Completeness Style Community Feature Support Auth Support Version

go-Trello https://github.com/VojtechVitek/go-trello

Complete/Accomplish all functionalities which will be needed

Object oriented

1. last commit - on February 26 2. last pull request- on february 28 3. No. of contributors: 23 and 31 stars

All the important and needed functionalities are supported by this library

User Name is needed as the basic auth support other than that to access Private cards API Key is needed and as a Application perspective we need to authenticate the app with user’s API key and token.

0.1

go-Trello https://github.com/octokit/go-octokit https://golanglibs.com/top?q=trello

Complete

Object oriented

1. last commit - on February 26 2. last pull request- on february 28 3. No. of contributors: 23 and 31 stars

All the important and needed functionalities are supported by this library

User Name is needed as the basic auth support other than that to access Private cards API Key is needed and as a Application perspective we need to authenticate the app with user’s API key and token.

0.1

Trello Python libraries

Completeness Style Community Feature Support Auth Support Version

py-Trello Github Repo: https://github.com/sarumont/py-trello https://pythonhosted.org/trello/trello.html Examples: https://pythonhosted.org/trello/examples.html

Complete

Object oriented

1. last commit - on June 7 2016 2. last pull request- July 7 2016 3. Pull requests: 94 4. No. of contributors: 55

All the important and needed functionalities are supported by this library

OAuth is supported and API Key and token is necessary.

14

py-Trello https://github.com/plish/Trolly

Incomplete

Object oriented

1. last commit - on March 1 2016 2. last pull request- February 25 2016 3. Pull requests: 25 4. No. of contributors: 8

Trello functionalities are there but no auth support till now.

Library has no auth support.

No Version

Bugzilla

Bugzilla exposes its api through xmlrpc protocol

Sync Calls:

  • Run an external program to query Jira using REST, check the changes, sync to your application.

    • This approach requires you to implement the logic that the issue has been updated

    • Bugzilla allows you to retrive history of a bug

Callback Support:

REDHAT Bugzilla Api doesnot support event notification: https://bugzilla.redhat.com/show_bug.cgi?id=978953

Query:

  • Bugzilla supports MYSQL queries.

  • You can save the search as Remembered search and query it.

  • You can query using keyword/text.

Individual Lookup:

Type

Yes/No

User

Yes, through user id, real name, email address

Issue

Yes, through issue id or alias

Comment

Yes

Version/Branch

Yes

Product/ Component

Yes

Collect Sample Data:

XML-RPC

>>curl --silent --insecure https://bugzilla.redhat.com/xmlrpc.cgi -H "Content-Type: text/xml" -d "<?xml version='1.0' encoding='UTF-8'?><methodCall><methodName>Bug.get</methodName> <params><param><value><struct><member><name>ids</name><value>575745</value></member></struct></value></param> </params> </methodCall>"
<?xml version="1.0" encoding="UTF-8"?><methodResponse><params><param><value><struct><member><name>faults</name><value><array><data /></array></value></member><member><name>bugs</name><value><array><data><value><struct><member><name>priority</name><value><string>unspecified</string></value></member><member><name>cf_category</name><value><string>---</string></value></member><member><name>blocks</name><value><array><data /></array></value></member><member><name>creator</name><value><string>Marc Schoenefeld</string></value></member><member><name>last_change_time</name><value><dateTime.iso8601>20150819T08:44:27</dateTime.iso8601></value></member><member><name>cf_ovirt_team</name><value><string>---</string></value></member><member><name>is_cc_accessible</name><value><boolean>1</boolean></value></member><member><name>keywords</name><value><array><data><value><string>Security</string></value></data></array></value></member><member><name>cc</name><value><array><data><value><string>Andrew John Hughes</string></value><value><string>Andrew Haley</string></value><value><string>Deepak Bhole</string></value><value><string>Jiri Pechanec</string></value><value><string>Red Hat Product Security</string></value></data></array></value></member><member><name>url</name><value><string /></value></member><member><name>assigned_to</name><value><string>Red Hat Product Security</string></value></member><member><name>groups</name><value><array><data /></array></value></member><member><name>see_also</name><value><array><data /></array></value></member><member><name>id</name><value><int>575745</int></value></member><member><name>creation_time</name><value><dateTime.iso8601>20100322T10:21:00</dateTime.iso8601></value></member><member><name>whiteboard</name><value><string>impact=none,source=sun,public=20100330,reported=20100319</string></value></member><member><name>qa_contact</name><value><string /></value></member><member><name>depends_on</name><value><array><data /></array></value></member><member><name>cf_regression_status</name><value><string>---</string></value></member><member><name>docs_contact</name><value><string /></value></member><member><name>cf_story_points</name><value><string>---</string></value></member><member><name>resolution</name><value><string /></value></member><member><name>classification</name><value><string>Other</string></value></member><member><name>alias</name><value><array><data /></array></value></member><member><name>cf_doc_type</name><value><string>Bug Fix</string></value></member><member><name>op_sys</name><value><string>Linux</string></value></member><member><name>cf_crm</name><value><string /></value></member><member><name>target_release</name><value><array><data><value><string>---</string></value></data></array></value></member><member><name>status</name><value><string>NEW</string></value></member><member><name>cf_type</name><value><string>---</string></value></member><member><name>cf_documentation_action</name><value><string>---</string></value></member><member><name>summary</name><value><string>OpenJDK ThreadGroup finalizer allows creation of false root ThreadGroups (6639665)</string></value></member><member><name>cf_mount_type</name><value><string>---</string></value></member><member><name>is_open</name><value><boolean>1</boolean></value></member><member><name>platform</name><value><string>All</string></value></member><member><name>severity</name><value><string>unspecified</string></value></member><member><name>cf_environment</name><value><string /></value></member><member><name>version</name><value><array><data><value><string>unspecified</string></value></data></array></value></member><member><name>component</name><value><array><data><value><string>vulnerability</string></value></data></array></value></member><member><name>cf_fixed_in</name><value><string /></value></member><member><name>is_creator_accessible</name><value><boolean>1</boolean></value></member><member><name>product</name><value><string>Security Response</string></value></member><member><name>target_milestone</name><value><string>---</string></value></member><member><name>is_confirmed</name><value><boolean>1</boolean></value></member><member><name>cf_release_notes</name><value><string /></value></member><member><name>cf_verified_branch</name><value><string /></value></member></struct></value></data></array></value></member></struct></value></param></params></methodResponse>

JSON-RPC

>>curl --silent --insecure https://bugzilla.redhat.com/jsonrpc.cgi -H "Content-Type: application/json" -d '{"method": "Bug.get", "params": [{ "ids": ["575745"] }], "id": "1"}'
{
    "error": null,
    "id": "1",
    "result": {
        "bugs": [
            {
                "alias": [],
                "assigned_to": "Red Hat Product Security",
                "blocks": [],
                "cc": [
                    "Andrew John Hughes",
                    "Andrew Haley",
                    "Deepak Bhole",
                    "Jiri Pechanec",
                    "Red Hat Product Security"
                ],
                "cf_atomic": null,
                "cf_category": "---",
                "cf_clone_of": null,
                "cf_crm": "",
                "cf_doc_type": "Bug Fix",
                "cf_documentation_action": "---",
                "cf_environment": "",
                "cf_fixed_in": "",
                "cf_mount_type": "---",
                "cf_ovirt_team": "---",
                "cf_regression_status": "---",
                "cf_release_notes": "",
                "cf_story_points": "---",
                "cf_type": "---",
                "cf_verified_branch": "",
                "classification": "Other",
                "component": [
                    "vulnerability"
                ],
                "creation_time": "2010-03-22T10:21:00Z",
                "creator": "Marc Schoenefeld",
                "depends_on": [],
                "docs_contact": "",
                "dupe_of": null,
                "groups": [],
                "id": 575745,
                "is_cc_accessible": true,
                "is_confirmed": true,
                "is_creator_accessible": true,
                "is_open": true,
                "keywords": [
                    "Security"
                ],
                "last_change_time": "2015-08-19T08:44:27Z",
                "op_sys": "Linux",
                "platform": "All",
                "priority": "unspecified",
                "product": "Security Response",
                "qa_contact": "",
                "resolution": "",
                "see_also": [],
                "severity": "unspecified",
                "status": "NEW",
                "summary": "OpenJDK ThreadGroup finalizer allows creation of false root ThreadGroups (6639665)",
                "target_milestone": "---",
                "target_release": [
                    "---"
                ],
                "url": "",
                "version": [
                    "unspecified"
                ],
                "whiteboard": "impact=none,source=sun,public=20100330,reported=20100319"
            }
        ],
        "faults": []
    }
}

Auth models:

Authorization Level

  • Permission to do stuff in Bugzilla are defined by groups and Bugzilla users get membership to certain groups manually or automatically

  • Groups:

    • restrict visibility of bugs to a specific set of users

    • Types:

      • Generic group

      • Product based group

Administrators

Permissions

who have "editbugs" priviledges

can edit all bug fields

who have "editkeywords" priviledges

can create, destroy, edit keywords

who have "editusers" priviledges

can create, update, block user profiles

who have "canconfirm" priviledges

can confirm a bug or mark it as duplicate

who have "admin" priviledges

can edit fields, groups → total control over Bugzilla

Bugzilla Golang libraries

Completeness Style Community Feature Support Auth Support Version

bugtraq https://github.com/mfojtik/bugtraq

Complete

Object oriented

1. Last commit - 23 July 2014 2. Last pull request- No PR 3. No. of contributors: 1 4. No. of watchers: 0 5. No. of stars: 0

uses xmlrp

Yes, through username-password

It is the first version. No further versions released. Branch → master

moz-go-bugzilla https://github.com/st3fan/moz-go-bugzilla

Not complete

Object oriented

1. last commit - 28 Nov 2013 2. last pull request- No PR 3. No. of contributors: 1 4. No. of watchers: 0 5. No. of stars 0

custom fields

No

It is the first version. No further versions released. Branch → master

gorgojo https://github.com/dmacvicar/gorgojo

not complete

object-oriented

1. Last commit: 14 March 2016 1. Last PR: No PR 2. No. of contributors: 1 contributor 3. No.of watchers: 0 watcher, 4. No. of stars: 0 star

get bugs, search bugs

No

It is the first version. No versions further released, Branch → master

bugzilla https://github.com/mkorenkov/bugzilla

not complete

object-oriented

1. Last commit: 1 November 2015 Last PR: No PR No. of contributors: 1 contributor No. of watchers: 2 watchers No. of stars: 1 star

list bugs, lookup bug details using id, add comment to bug

Yes, through username and password

It is the first version. No versions further released, Branch → master

Bugzilla Python libraries

Completeness Style Community Feature Support Auth Support Version

bugzilla https://github.com/python-bugzilla/python-bugzilla

complete

object-oriented

1. Last commit: 8 June 2016 2. Last PR: 26 May 2016 3. No. of contributors: 30 contributors 4. No. of watchers: 5 watchers 5. No. of stars: 17 stars

uses xmlrp, create and edit bug, querying, update

Yes, through username and password

Latest version: v1.2.2, Branch → master

PyBugz https://github.com/williamh/pybugz

complete

object-oriented

1. Last commit: 10 July 2016 2. Last PR: 10 Feb 2016 3. No. of contributors: 27 contributors 4. No. of watchers: 11 watchers, 5. No. of stars: 69 stars

list details of bug including comments and attachments, downloading/viewing attachments, posting bugs/ comments, modifying existing bug, adding attachment to bug

Yes, through username and password

Latest version: v0.12.x, Branches → master, 0.10.x, 0.11.x, 0.12.x, refactor

Jira library

Sync Calls:

  • Run an external program to query JIRA using REST, check the changes, sync to your application.

    • This approach requires you to implement the logic that the issue has been updated

    • load on Jira for each polling.

  • JIRA Command Line Interface

    • good functionality

    • launching the process every time can be a bit of a burden

    • easy to debug and maintain

    • recommended approach

Callback Support:

  • done through the use of jira webhooks which can be created using rest api

  • When webhook is triggered, it sends a JSON callback containing:

    • event id

    • timestamp

    • information about entity(issue, project etc) associated with event

    • additional information depending on type of event

Query:

  • JIRA REST API allows you to send a JQL query and recieve a subset of issues.

  • We can:

    • perform text search

    • run saved search

Individual Lookup:

  • User:

    • There is no direct method to get all users in JIRA REST Api.

    • You can search for a particular user using string.

    • https://servername/rest/api/2/user/search?username=a this returns all users that have "a" somewhere in their name

    • Workaround: + You can get list of all users belonging to a group (although you cannot get list of all groups) + You can get list of all users which can be assigned to a project

  • Issue:

    • Yes. We can get all issue data through issue id. + /rest/api/2/issue/{issueId}

  • Comments:

    • Yes. We can pull all comments for each issue in each project and checking them one by one using comment id. + /rest/api/2/issue/{issueId}/comment/{id}

Collect Sample Data:

>>curl -u username:password -X GET -H "Content-Type: application/json" https://issues.jboss.org/rest/api/2/issue/12406319?fields=status
{"expand":"renderedFields,names,schema,transitions,operations,editmeta,changelog","id":"12406319","self":"https://issues.jboss.org/rest/api/2/issue/12406319","key":"ARQ-88","fields":{"status":{"self":"https://issues.jboss.org/rest/api/2/status/6","description":"The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.","iconUrl":"https://issues.jboss.org/images/icons/statuses/closed.png","name":"Closed","id":"6","statusCategory":{"self":"https://issues.jboss.org/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}}}

Auth models:

  • There are 3 authentication models:

    • Basic authentication

    • Cookie based Authentication

    • OAuth

  • Basic authentication:

    • Authenticate on HTTP using username and password

    • If you simply specify the username, curl will prompt for password. It doesnot give error

    • JIRA permits a default level of access to anonymous users. It doesnot supply a typical authentication challenge.

    • Usage example:

curl -D- -u <username:password> -X GET -H "Content-Type: application/json" <url>
  • Cookie based authentication:

    • benefits: + performance (not having to make multiple authentication calls)

    • disadvantage: + security risks (cookie can be hijacked if not handled properly)

    • working: + Create a new session. Post user credentials ({ "username": "myuser", "password": "mypassword" }) to session resource (http://jira.example.com:8090/jira/rest/auth/1/session) + Store session object on client + Add cookie name and value in header field of your request. Example: headers: {cookie: JSESSIONID=6E3487971234567896704A9EB4AE501F}

    • If cookie has expired, it gives 401 error response

    • This authentication model should be used when script involving REST API calls should be runs only for a few minutes

  • OAuth:

    • Open Standard of Authorization

    • A way through which users can log in using third party websites

    • Registering Your Application via OAuth: + In the "Applications Links administration" screen, create a new application link + Enter correct URL to your client + If your client can be reached via HTTP, choose Generic Application Type + Configure your client to support OAuth

    • How to authenticate via OAuth: + obtain request token from JIRA + authorize this token + swap request token with access token + make authentication request to REST end point

  • Captcha:

    • It is triggered after several consecutive failed log in attempts

    • user is supposed to interpret a distorted picture of word and type that word into a text field

    • If captcha has been triggered, you cannot use Jira’s REST api to authenticate with the JIRA site.

    • how to check if captcha has been triggered? + You will get an error response from JIRA with the header "X-Seraph-LoginReason" with value "AUTHENTICATION_DENIED"

Authorization Level

Action

Permission

Browse projects and issues

Anyone

View commit information

Anyone

Create issues

Registered User

Add comments

Registered User

lookup

Anyone

Query

Anyone. No field level security

Callback

Register via Jira REST Api. User must have administrators global permission.

Jira Golang libraries

Completeness Style Community Feature Support Auth Support Version

https://github.com/Netflix-Skunkworks/go-jira

complete

object-oriented

1. Last commit: 9 July 2016 2. Last PR: 31 March 2016 3. No. of contributors: 8 contributors 4. No. of watchers: 47 watchers 5. No. of stars: 146 stars

edit issues, create new issues, assign issues

Yes, through username and password

Latest version: v0.1.2, Branch → master

https://github.com/andygrunwald/go-jira

complete

object-oriented

1. Last commit: 19 June 2016 2. Last PR: 8 June 2016 3. No. of contributors: 10 contributors 4. No. of watchers: 4 watchers 5. No. of stars: 29 stars

feature to call every endpoint of jira even if it is not directly implemented in this library

Yes, through username-password, OAuth, Session Cookie

It is the first version. No versions further released. Branch → master

https://github.com/plouc/go-jira-client

complete

object-oriented

1. Last commit: 16 June 2016 2. Last PR: 15 June 2016 3. No. of contributors: 5 contributors 4. No. of watchers: 3 watchers, 5. No. of stars: 26 stars

search user/issue, get activity feed

Yes, through username and password

It is the first version. No versions further released. Branch → master

https://github.com/salsita/go-jira

api incomplete

object-oriented

1. Last commit: 28 Jan 2016 2. Last PR: No PR 3.No. of contributors: 2 contributors 4.No. of watchers: 7 watchers 5. No. of stars: 6 stars

get issue/ project/ user details, supports querying

Yes, through username-password, OAuth

No versions released. It is the first version. Branch → master

Jira Python libraries

Completeness Style Community Feature Support Auth Support Version

jira https://github.com/pycontribs/jira

complete, stable, some additional features PR are open

object-oriented

1. Last commit: 28 June 2016 2. Last PR: 9 July 2016 3. No. of contributors: 86 contributors 4. No. of watchers: 42 watchers 5. No. of stars: 209 stars

edit issues, create issues, assign issues

Yes, through: username-password, OAuth, Kerberos

Latest version: v0.1.2, Branches → develop, master