AxisCommunications
Updates to Opensource Jira Plugin
Signed-off-by: enaysaa [email protected]
Introduced TypeScript type definitions SearchJiraResponse and JiraQueryResults to represent Jira search responses and pagination details. Updated the searchJira function to return search results as a SearchJiraResponse, incorporating the new types. Enhanced error handling in the searchJira function by handling HTTP response errors and logging them appropriately. The JiraQueryResults type outlines the structure of a paginated Jira search response, facilitating better data handling. These changes streamline the Jira Dashboard plugin's codebase, improving error resilience and clarity in handling search operations.
Checklist before requesting a review
- [X] I have performed a self-review of my own code
- [X] I have verified that the code builds perfectly fine on my local system
- [X] I have added tests that prove my fix is effective or that my feature works
- [X] I have commented my code, particularly in hard-to-understand areas
- [X] I have verified that my code follows the style already available in the repository
- [X] I have made corresponding changes to the documentation
🦋 Changeset detected
Latest commit: 5b0f89590d386c27abdfcdeb82a3d7cb2bece4fe
The changes in this PR will be included in the next version bump.
This PR includes changesets to release 2 packages
| Name | Type |
|---|---|
| @axis-backstage/plugin-jira-dashboard-backend | Major |
| backend | Patch |
Not sure what this means? Click here to learn what changesets are.
Click here if you're a maintainer who wants to add another changeset to this PR
![changeset-bot[bot] avatar](https://avatars.githubusercontent.com/in/28616?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thank you! This functionality is a bit problematic since it makes it possible for any logged in Backstage user to perform any jql query using the credentials in Backstage. In the normal Jira dashboard workflow only the projects that have opted in with the Jira annotation exposes any information in Backstage.
I understand that you have other uses cases that also uses Jira information in different ways. We have similar requirements but in those cases we have made backends for each needed data point. The actual Jira interaction is done using the "searchJira" function that is exported from the "jira dashboard backend plugin". Then there is no chance for any data leaks.
Hi anicke Thanks for your feedback Yes on re-analysis & discussion amongst the team, we agree with the security concern you outlined. We will revise the solution and re-submit an updated patch when possible - we will need to enhance the searchJira function to include a response object detailing pagination details (eg: maxResults, startAt & total fields) and handling for http error responses such as 400/401/503 etc
Hi anicke Just wanted to confirm if there are updated regarding this PR? thanks
Hi @SaachiNayyer!
Is this PR the same as https://github.com/AxisCommunications/backstage-plugins/pull/127? That one seems to be newer :) Can I close this one?
