Jira Server

This integration is provided as an Open Authorization API (OAA) connector package. Contact our support team for more information.

Jira Server

OAA Connector for self-managed Jira Server. Connector discovers Jira Server users and group permissions to Jira Projects based on their Jira Application Roles, Project Roles and Project Permission Scheme.

Veza OAA Application Mappings

Jira Server OAA Application Notes

Jira Server	OAA Application	Notes
Server	Application
User	Local User
Group	Local Group
Project	Resource, type `Project`
Application Role	Local Role	Application assignments (e.g. Jira Software) as assigned to Groups as a Local Role

Server

Application

User

Local User

Group

Local Group

Project

Resource, type Project

Application Role

Local Role

Application assignments (e.g. Jira Software) as assigned to Groups as a Local Role

Properties

The following properties are collected:

Entity Property Description

Entity	Property	Description
User	`email`	User's email
User	`key`	Jira Key identifier assigned to user
User	`deleted`	Boolean True if user is deleted
Role	`project_key`	Key of Project for Project Roles
Project	`key`	Current Jira Key for project
Project	`project_keys`	List of historic and current project keys
Project	`project_lead`	Login of project lead
Project	`archived`	Boolean for if archived
Project	`has_public_permissions`	True if any permission on project is public
Project	`public_permissions`	List of Project Permissions that are public

User

email

User's email

User

key

Jira Key identifier assigned to user

User

deleted

Boolean True if user is deleted

Role

project_key

Key of Project for Project Roles

Project

key

Current Jira Key for project

Project

project_keys

List of historic and current project keys

Project

project_lead

Project

archived

Boolean for if archived

Project

has_public_permissions

True if any permission on project is public

Project

public_permissions

List of Project Permissions that are public

Project Permission Schemes

Jira Permission Schemes can grant users and groups permissions on Project through multiple mechanism. Depending on how the permission is assigned the permission can show up differently in Veza. A single permission can be assigned multiple ways.

* Application Role - Permission is assigned to the Groups that hold the Application Role.
* Project Role - The permissions are added to the Project Local Role. Role holders (users/groups) are assigned the role on the project.
* User - Permission is assigned directly to the Local User.
* Group - Permission is assigned directly to the Local Group.
* Project Lead - Permission is assigned directly to the Local User configured as Project Lead.

The following assignment types are not currently supported. These permissions would only apply to specific items inside the project and not the project as a whole: * Reporter * Assignee * Group By Custom Field

Public permissions (Anyone) are represented as a property on the Project. The custom property has_public_permissions will be True if the Project has any public permissions. The public permissions are listed in the public_permissions property on the Project.

Global Permissions

The connector does not currently support the discovery of global and system-level permissions.

Jira Server Version

The connector is currently tested with Jira Server version 9.6

Setup

Jira Server

Generate a Personal Access Token for a user Administer level permissions.
1. If automatic expiry is enabled token a new token will have to be configured for the connector before the first expires.

Jira Server has configurable API limits, increasing or exempting for the calling user from these limits can avoid issues

Veza API Key

Generate an API key for a Veza admin user. API keys can be managed in the Veza interface under Administration -> API Keys. For detailed instructions consult the Veza User Guide.

Running the Connector

Command Line

With Python 3.8 or higher install the requirements either to a virtual environment, user or system.
```
pip3 install -r requirements.txt
```
Set the Veza API key and Bitbucket authorization environment variables. All other parameters can either be passed as environment variables or command line arguments.
```
export VEZA_API_KEY=<Veza API key>
export JIRA_TOKEN=<Jira Server Personal Access Token>
```
Note: for Windows environments use the set command instead of export and do not include quotation marks around the parameter values

Run the connector:

 ./oaa_jira_server.py --jira-url https://myjira.example.com --veza-url https://myveza.vezacloud.com

Application Parameters & Environment Variables

Parameter Environment Variable Required Notes

Parameter	Environment Variable	Required	Notes
`--jira-url`	`JIRA_URL`	Yes	URL of Jira Server instance
n/a	`JIRA_TOKEN`	Yes	User personal access token
`--veza-url`	`VEZA_URL`	Yes	URL of Veza instance
n/a	`VEZA_API_KEY`	Yes	Veza API key
`--save-json`	n/a	No	Save the OAA JSON to file before upload
`--debug`	`OAA_DEBUG`	No	Enable OAA debug, for environment variable set to any value

--jira-url

JIRA_URL

Yes

URL of Jira Server instance

n/a

JIRA_TOKEN

Yes

User personal access token

--veza-url

VEZA_URL

Yes

URL of Veza instance

n/a

VEZA_API_KEY

Yes

Veza API key

--save-json

n/a

Save the OAA JSON to file before upload

--debug

OAA_DEBUG

Enable OAA debug, for environment variable set to any value

PreviousHubspot NextLooker

Last updated 5 months ago