Community
Q&A
Jira
Questions
What outgoing network connections should be allowed from a JIRA server?

Remove user from watcher from user picker custom field (Automation)

Heya Automators

Having some issues with the Manage watchers step in an automation.

I'm using a multi-user picker custom field to add and remove users from Watchers.

The issue I'm having is finding the user that was added or removed, amongst the other users in the array, or the delta, if you will.

In other words, if I have user A and user B already selected on the picker, and add user C, how do I isolate the display name or ID of user C as a smart value?
As well as this, if user A, B and C are already added, and user C is removed, how would I isolate user C to the same effect?

This would allow me to run the rule with additional steps, such as send email, though only to user C, and not the other users already listed on the picker users A and B)

I want to do this for both an add and remove step for manage watchers.

I suspect I need to use the fieldChange or changelog smart value, though am having trouble finding the right syntax.

Help much appreciated :)

1 answer

1 accepted

0 votes

Answer accepted

"They won't let a JIRA app server connect to uncontrolled servers on the public Internet.". Paranoia sometimes pays back ...

"To download, install or upgrade JIRA plugins, I need the server to open connections to Atlassian servers using HTTP and / or HTTPS. Is there any other feature that needs this?"

No, you do not need it, you can do it manually each time.

AFAIK: outgoing connections are: HTTP / HTTPS to all domain atlassian.com. Depending on the plugins, you may need connections to the plugins sites as well.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Radu, thanks for your answer.

"HTTP / HTTPS to all domain atlassian.com."

Yes, that would be my first guess as weel. However, a network capture tells me that JIRA is contacting "63-246-22-216.contegix.com". I understand that Contegix is Atlassian's hosting partner (http://confluence.atlassian.com/display/EHOSTING/Contegix+Hosting), so I guess I need to add that as well.

Anything else?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

I never caught it going to contengix.com (but, of course, I believe you). But my advice would be that if you want to secure it as much as possible, cut all and install manually the needed plugins.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Prevent the UPM from even attempting it with -Dupm.pac.disable=true.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Thanks again. Here is the summary I will submit to my IT dept:

Protocols/ports:

User interface: HTTPS/8443
JIRA e-mail notification: outgoing SMTP/25.
Allow for incoming SMTP, so that users can reply to notification e-mail (rather than using the Web user interface)
Database server: MySQL/3306. Currently running on the JIRA server itself.
JIRA management: HTTPS/8443
JIRA management also needs outgoing access to the Internet: HTTP/80 and HTTPS/443. Known servers are *.atlassian.com and *contegix.com. Other servers may be needed in the future.
Linux management, including JIRA maintenance: SSH/22
System e-mail: SMTP/25.
File upload/download: SFTP/22, also occasionally using Windows File Sharing (Samba) on our lab server

I am not mentioning other protocols such as DNS or NTP which I assume are part of the corporate network infrastructure.

Did I miss anything?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Your question was about access through the firewall to the public internet. Nearly none of those ports should be through the firewall, eg your SMTP server, database etc will all be inside the firewall.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Completing Jamie's answer: if you plan to use Jira ONLY from your corporate network, you should not allow even incoming http and https from Internet. Otherwise, completely agree with his comment above.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Yes, your systems admin guys will be fired if they agreed to what you are suggesting anyway;-) Particularly ssh - if that was allowed we wouldn't have the fun of doing reverse tunnelling through socks proxies.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Yes, almost all of the network connections I listed are bound to remain within the corporate network. The only one that might be allowed (depending on the paranoid IT guys ;-) is this one:

JIRA management also needs outgoing access to the Internet: HTTP/80 and HTTPS/443. Known servers are *.atlassian.com and *contegix.com. Other servers may be needed in the future.

Thanks again for your comments. I consider the question answered.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Forums

Q&A

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Remove user from watcher from user picker custom field (Automation)

1 answer

1 accepted

Suggest an answer

Was this helpful?

Thanks!

TAGS

Community showcase

Atlassian Community Events