I try to update the actor for an Automation Rule in Confluence to a Service Account.
As this is not possible in the UI, I thought to use the Automation Rest API (The Automation REST API).
To start I used the GET-Rule-By-UUID to get the info on the rule I like to update.
The endpoint I use is this:
@Peter Rossum_ van Did you encode your credentials before adding them to the request header? Here is a working implementation in Python below,
import base64
import requests
def encode_base64(text: str) -> str:
text_bytes = text.encode("utf-8")
encoded_bytes = base64.b64encode(text_bytes)
return encoded_bytes.decode("utf-8")
url = f"https://api.atlassian.com/automation/public/jira/{CLOUD_ID}/rest/v1/rule/summary"
cred = f"{JIRA_USERNAME}:{JIRA_ACCESS_TOKEN}"
encoded_credentials = encode_base64(cred)
headers = {
"Accept": "application/json",
"Authorization": f"Basic {encoded_credentials}"
}
response = requests.request(
"GET",
url,
headers=headers,
)
print(json.dumps(json.loads(response.text), sort_keys=True, indent=4, separators=(",", ": ")))
@Akash Singh , Thanks for quick response.
I do encode the credentials. I use PowerShell this way:
$email = <email-adres of the Service Account>
$APItokenFixed = <the API-token of the Service Account>
$cloudID = <our cloudID>
$pair = "$email`:$APItokenFixed"
$bytes = [System.Text.Encoding]::UTF8.GetBytes($pair)
$base64 = [System.Convert]::ToBase64String($bytes)
$AuthHeader = @{
"Authorization" = "Basic $base64"
"Accept" = "application/json"
}
$url = "https://api.atlassian.com/automation/public/confluence/$($cloudID)/rest/v1/rule/summary"
$response = Invoke-RestMethod -Method Get -Uri $url -Headers $AuthHeader
$response | get-member
--
{ "code": 401, "message": "Unauthorized; scope does not match" }
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Peter Rossum_ van Querying Jira or Confluence wouldn’t change the outcome in this case. In my case the request was authenticated using my personal API token.
I also explored creating credentials for a service account. While Atlassian provides an option to create a non-scoped API token, it still requires selecting scopes on the following screen. As @Marc -Devoteam- rightly pointed out, the Automation REST API does not currently support authentication via Forge or OAuth 2.0 apps.
At the moment, the only viable options are to use a personal API token or to create a licensed “service account” user and authenticate using that user’s credentials.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Before you bulk-change the rule actors, I have a suggestion...
You describe the UX does not support selection of a service account for a rule actor in the user-picker for the field. I wonder if that value is also validated for rule updates.
I suggest trying the REST API to update one test rule's actor, and then try to edit that same rule for a different change (e.g., an action) with the UX and publish any changes, testing cases of both enabled and disabled rules. This will save time if the service account user is not supported for persistence from the UX as any API-updated rule actors will prevent future UX edits.
Kind regards,
Bill
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Bill Sheboy ,
I understand your warning. Thanks for the tip!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
This can be done within the rule details, depending the rule is for a single space, if the rule is from multiple spaces, then this needs to be done within the Global automation section with Confluence adminstration.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Marc -Devoteam- ,
Thanks for your response.
I do know how to modify a rule using the UI in Confluence Administration.
However, When I update the rule on that page and try to modify the actor to fill out the Service Account as actor, first of all I cannot find the Service Account as an account to choose from, second I get the error that I cannot set the actor to another user then myself.
I remembered that in one of my previous posts you suggested to update the actor using the API. So I tried. No luck sofar.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I don't think you can use a scopes token with the automation API.
See feature requests, AUTO-2139 and in relation JRACLOUD-95867
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.