5.7.238. Bugzilla::Extension::Workflows::APIKeyExpiry¶
5.7.238.1. NAME¶
Bugzilla::Extension::Workflows::APIKeyExpiry
5.7.238.2. DESCRIPTION¶
This workflow enables automated revocation and expiration of APIKeys.
The Banning Workflow¶
Banning is permanent, a banned APIKey can never be used again.
- The APIKey checking cron job detects an APIKey approaching expiry
- A tracker bug is opened for each APIKey
For bot accounts the users in the Agile team managing the bot are CC’d on the bug.
For other accounts the account is CC’d on the bug.
- either:
- An owner revokes the key.
- The key is banned
- The tracking bug has a comment added that the key was revoked
- The tracker bug is closed
- The deadline is reached
- The key is banned
- The tracking bug has a comment added that the key was banned
- The tracking bug is closed
The Revoking Workflow¶
Revocation is not permanent, a revoked key can be reenabled on the account’s APIKey preferences tab.
When the APIKey checking cron job is run it will automatically revoke any APIKey that has not been used in 30 days and is not being processed by the Banning Workflow.
An email notification is sent for this event.
For bot accounts the email is sent to all the users in the Agile team managing the bot.
For other users the email is sent to the account’s email address.
This documentation undoubtedly has bugs; if you find some, please file them here.
