Skip to content

JIRA Integration - (FE) Add option to enable Jira issue creation from vulnerabilities

Overview

In a project's settings, there is the ability to add Jira integration:
ksnip_20201129-224452

On the Jira integration details page, add the option to enable Jira issue creation from vulnerabilities:
ksnip_20201129-224824

Design Issue

#8942 (closed)

Other Considerations

Currently, the Viewing of Jira issues in GitLab feature is only available to Premium and Silver plans. If the customer is on a lower tier plan, we display an "Upgrade your plan" button.

@matt_wilson replied:

Thanks for the heads up; it might. Vulnerability management is only available in Gold/Ultimate so we'll need an additional way to account for that. Perhaps either hide it from lower tier plans or replicate the upsell CTA.

Development Environment

In order to work on this locally it is necessary to sign up for Jira cloud and setup a testing project:

  1. https://www.atlassian.com/try/cloud/signup?bundle=jira-software&edition=free - Sign up with your gitlab-google account
  2. Create an example project with default settings
  3. Get an API-token from https://www.atlassian.com/try/cloud/signup?bundle=jira-software&edition=free (this is needed when configuring the gitlab-jira integration)

Designs

"Enable Jira issues" unchecked, "Enable creation from vulnerabilities" is hidden "Enable Jira issues" checked, "Enable creation from vulnerabilities" is shown and unchecked by default
a1_Jira-integration_initial-state a3_Jira-integration_vuln-mgmt-disabled
Checking "Enable creation from vulnerabilities" shows issue type selector Issue type selected Project key changed message shows when project key is changed
a4_Jira-integration_vuln-mgmt-enabled a4-1_Jira-integration_vuln-mgmt_Issue-type-selected a4-2_Jira-integration_vuln-mgmt_Issue-type-selected
Error message Tooltips
a5_Jira-issue-type-validation details-popovers_tooltips

Implementation Plan

  • Add logic to app/assets/javascripts/integrations/edit/components/jira_issues_fields.vue:
    • If for Gold/Ultimate users
      • When "Enable Jira issues" checkbox is checked:
        • Show "Enable Jira issue creation from vulnerabilities" checkbox to app/assets/javascripts/integrations/edit/components/jira_issues_fields.vue and add logic to only render when the "Enable Jira issues" checkbox is checked
      • When "Enable Jira issue creation from vulnerabilities" checkbox is checked:
        • Show issue type selector (note: use gl-button-group to wrap the dropdown and refresh button)
          • When Jira project key is not present
            • Show warning
            • Disable issue type selector
          • When Jira projec keys is present
            • Fetch list of issue types (same same endpoint as "Test Connection" action / note: set issuetypes default to either 0 or 10000 to satisfy validation - see comment for details)
              • When successful
                • Populate dropdown with data from response
                • Enable dropdown
              • When error
                • Show inline error alert with error message from response
                • Disable dropdown
          • Whenever Jira project key changes
            • Show message to inform the user that they should refresh the issue-types list
    • Otherwise don't render anything or display upsell CTA (TBD)
  • Add specs

Feature Flags

Use existing :jira_for_vulnerabilities feature flag

Edited by David Pisek