Hello, I am trying to create REST endpoint to query JIRA REST API in the same instance of JIRA and I have some issues with authorization. While I can use basic authorization, I need to use current logged user context and get rid of hardcoded credentials in endpoint source code.
Here is my script based on some examples on adaptivist site:
import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovyx.net.http.HTTPBuilder import org.apache.http.HttpRequestInterceptor; import org.apache.http.HttpRequest; import org.apache.http.protocol.HttpContext; import groovy.json.JsonSlurper; import groovy.json.JsonBuilder; import groovyx.net.http.Method import groovyx.net.http.ContentType import groovy.transform.BaseScript import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response @BaseScript CustomEndpointDelegate delegate listProjects( httpMethod: "GET") { MultivaluedMap queryParams -> def JIRA_REST_URL = "https://jira-test" def JIRA_API_URL = JIRA_REST_URL + "/rest/api/2/project" def httpBuilder = new HTTPBuilder(JIRA_API_URL); httpBuilder.client.addRequestInterceptor(new HttpRequestInterceptor() { void process(HttpRequest httpRequest, HttpContext httpContext) { httpRequest.addHeader('Authorization', 'Basic ' + 'user:pass'.bytes.encodeBase64().toString()) } }) def rt = [:] def projects = httpBuilder.request(Method.GET, ContentType.JSON) { uri.path = "/rest/api/2/project" response.failure = { resp, reader -> log.warn("Failed to query JIRA API: " + reader.text) } } rt = [ items: projects.collect { project -> [ value: project.id, html : project.key, label: project.key, ] } ] return Response.ok(new JsonBuilder(rt).toString()).build(); }
P.S. I am trying to get project list and issue type list and then use convertToSingleSelect() functionality, may be it is possible to do internally, without REST API calls.
Hey Максим,
If I understand your request correctly, you would like a Custom REST Endpoint where only authenticated JIRA users can retrieve a list of project information.
I have written an example script that will achieve this using the ScriptRunner REST Endpoints. This example will give you a list of projects with their corresponding issue types.
import com.atlassian.jira.component.ComponentAccessor import com.onresolve.scriptrunner.runner.rest.common.CustomEndpointDelegate import groovy.json.JsonBuilder import groovy.transform.BaseScript import javax.servlet.http.HttpServletRequest import javax.ws.rs.core.MultivaluedMap import javax.ws.rs.core.Response @BaseScript CustomEndpointDelegate delegate getProjects(httpMethod: "GET", groups: ["jira-users"]) { MultivaluedMap queryParams, String body, HttpServletRequest request -> // Get the projects def pm = ComponentAccessor.getProjectManager() def projects = pm.getProjects() def rt = [ items: projects.collect { project -> [ value : project.id, html : project.key, label : project.key, issueTypes: project.getIssueTypes().collect { issueType -> [ id : issueType.id, name: issueType.name ] } ] } ] return Response.ok(new JsonBuilder(rt).toString()).build() }
Enforcing Users
The way that this enforces users is that I have set the groups parameter to "jira-users" (line 12). This means that ONLY authenticated JIRA users who are in the jira-users group can access this resource.
You could also achieve this by getting the user and checking it yourself. An example of this approach is in the SR documentation. I would recommend the approach that I have demonstrated as it is more maintainable.
Getting a list of projects
As you suggested in your post, you can get the projects and issue type data without the need to make a call to another rest endpoint. The example I have given you demonstrates how to do this using the ProjectManager utility.
Hello, Stephen. Thank you for your answer. It was really like I had been trying to reinvent the wheel with my attempts to use JIRA REST. Your solution is exactly what I need.
P.S. I also have found solution for my auth problem : I've forwarded Cookie header from initial endpoint request to JIRA REST.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Максим,
How did you forwarded the Cookie? I ran into the same problem as you - I want to use HTTPBuilder but as a currently logged in user but by default all requests are being sent as anonymous.
Regards,
Bartek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Stephen Cheesley _Adaptavist_,
Thanks for the solution, but what if the new rest end-point is being called from behaviour or post-function within the same jira instance? how the authentication would be managed? As far as I could test, current user context authentication is not accessible and can not be cascaded to the rest end-point. Is my understanding the right one?
Thanks in advanced,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Stephen Cheesley _Adaptavist_
your suggestion worked like a charm for my rest point associated to a behaviour!
Thanks,
Alberto
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Great to hear @Alberto Carrani ! Happy Scripting :-)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.