Add customize jira issue option for vulnerabilities with integration setting
What does this MR do and why?
Related #478824 (closed), #478829 (closed), #482042 (closed), &14866 (closed), #454279 (closed)
Add customize jira issue option for vulnerabilities with integration setting.
This adds a new setting called customize_jira_issue_enabled to the Jira integration settings. It is disabled by default. Once enabled, it allows creating Jira issues for vulnerabilities via the old way, which we recently removed.
The old way redirects the user to the Jira issue creation form with vulnerability data pre-filled, where they can review, modify, or add information. The current Jira issue creation method uses a GraphQL mutation which creates the issue in the background and does not redirect you away from GitLab.
Some customers relied on the old Jira issue creation method heavily. They can still fill in extra info in the Jira issue form before creating the actual issue. In some cases the new method even breaks their workflow: they can't create a Jira issue with the GraphQL mutation because their setup expects a required custom field which is not provided. With this setting, customers can use the previous way of Jira issue creation for vulnerabilities by enabling the setting on the Jira integration (both project and group level).
The work is not split up into multiple MRs so we can introduce this without the need for a feature flag.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Create Jira issue directly (GraphQL)
Customize Jira issue (via form)
Customize Jira issue Jira integration setting
How to set up and validate locally
Prerequisites
- You need an EE license
- You need to have runners enabled (see $2408961 for setting up a runner)
- Import https://gitlab.com/gitlab-examples/security/security-reports
- Run a pipeline on master
Enable the Jira integration for a project:
- Create a Jira test project at https://jira.atlassian.com/ and get an API key at Account settings > Security
- Navigate to the security-reports project you just imported
- Go to Settings > Integrations > Jira
- Enable the integration and fill out the form
- Enable "Jira Issues" and "Issue creation from vulnerabilities" and Save
Validate
- Go to the vulnerability report on the security-reports project, click any vulnerability, then click "Create Jira issue". Validate that this creates an issue in the background (no redirection) and that, once the loading spinner is done, an entry is added to the "Related Jira issues" card with a Jira issue for that vulnerability
- Go to Settings > Integrations > Jira
- Enable "Customize Jira issues" and Save
- Go to another vulnerability on the vulnerability report and notice that "Create Jira issue" now has an external link icon. Click it, and validate that it redirects you to an issue form on your Jira instance. Fill in the reporter (mandatory) and create the issue. Go back to your GitLab vulnerability details page and refresh. The Jira issue should also be in the "Related Jira issues" card.