Error setting project property from add-on web panel

Latest versions of Jira has deprecated the ability for add-ons to show webPanels based on remote conditions, so I’m trying to move the conditional check to Jira project properties, along with related remote project properties.
My web panel is configured to show up in the Jira Project Settings, and I’m trying to set some Jira Project properties from my addon, authenticated with JWT.

I have a local development setup using “atlas-run-standalone”, and an add-on project based on https://bitbucket.org/atlassianlabs/atlassian-connect-jira-example

The local setup works perfectly, but when trying in our cloud test environment I get an 401 error when trying to read or write updates to Jira projects.

Here’s a stripped down version of the code, only trying to read a property:

app.get('/project-admin', addon.authenticate(), function (req, res) {
var httpClient = addon.httpClient(req);
var jiraProjectId = req.query.projectId;
httpClient.get(
{ uri: "/rest/api/2/project/" + jiraProjectId + "/properties/ardoqSettings" }
, function (error, response, body)
{ delete response.body; console.log('Jira response 1', JSON.stringify(response)); }
);
}

The request URI from Jira:

'/project-admin?projectId=10301&tz=Europe%2FBerlin&loc=en-US&user_id=kristian&user_key=kristian&xdm_e=https%3A%2F%2Fardoq-dev.atlassian.net&xdm_c=channel-ardoq-add-on__project-admin-panel&cp=&xdm_deprecated_addon_key_do_not_use=ardoq-add-on&lic=none&cv=1.3.57&jwt=<removed for this post>'

This gives a 401 response. Here is the log output:

Jira response 1 {"statusCode":401,"headers":
{"server":"Atlassian Proxy/0.5.80","atl-vtm-backend-time":"162","content-type":"text/html;charset=ISO-8859-1","strict-transport-security":"max-age=315360000; includeSubDomains; preload","date":"Wed, 07 Jun 2017 09:12:35 GMT","transfer-encoding":"chunked","atl-vtm-time":"251","x-content-type-options":"nosniff","connection":"close","atl-vtm-queue-time":"0"}
,"request":{"uri":
{"protocol":"https:","slashes":true,"auth":null,"host":"ardoq-dev.atlassian.net","port":443,"hostname":"ardoq-dev.atlassian.net","hash":null,"search":null,"query":null,"pathname":"/rest/api/2/project/10301/properties/ardoqSettings","path":"/rest/api/2/project/10301/properties/ardoqSettings","href":"https://ardoq-dev.atlassian.net/rest/api/2/project/10301/properties/ardoqSettings"}
,"method":"GET","headers":
{"Authorization":"JWT <removed for this post>","User-Agent":"atlassian-connect-express/1.0.14"}
}}

I found this documentation: https://developer.atlassian.com/static/connect/docs/latest/scopes/jira-rest-scopes.html

It states that permissions for /rest/api/{version}/project/.+/properties/.+ is N/A for GET, POST and DELETE, and WRITE scope is needed for PUT. This doesn’t seem to correspond to the error I’m experiencing, which returns 401 for both GET and PUT. Is this relevant?

Here’s my atlassian-connect.json:

{
    "key": "ardoq-add-on",
    "name": "Ardoq",
    "version": "2.0.0",
    "description": "This add-on let's you integrate Jira with Ardoq.",
    "vendor": {
        "name": "Ardoq AS",
        "url": "http://www.ardoq.com"
    },
    "baseUrl": "{{localBaseUrl}}",
    "links": {
        "self": "{{localBaseUrl}}/atlassian-connect.json",
        "homepage": "{{localBaseUrl}}/atlassian-connect.json"
    },
    "authentication": {
        "type": "jwt"
    },
    "scopes": ["read", "write", "delete", "project_admin", "admin"],
    "lifecycle": {
        "installed": "/installed",
        "uninstalled": "/uninstalled"
    },
    "modules": {
        "jiraProjectAdminTabPanels": [
            {
                "location": "projectgroup4",
                "url": "/project-admin?projectId={project.id}",
                "weight": 100,
                "key": "project-admin-panel",
                "name": {
                    "value": "Ardoq Integration"
                }
            }
        ],
        "webPanels": [
            {
                "location": "atl.jira.view.issue.left.context",
                "url": "/connect-issue?projectId={project.id}&issueId={issue.id}",
                "weight": 500,
                "key": "ardoq-link-issue",
                "name": {
                    "value": "Ardoq integration"
                },
                "conditions": [
                    {
                        "condition": "entity_property_equal_to",
                        "params": {
                            "entity": "project",
                            "propertyKey": "ardoqSettings",
                            "objectName": "isEnabled",
                            "value": "true"
                        }
                    }
                ]
            }
        ]
    }
}

Hi, @kristian.

the use of atlas-run-standalone for development of Atlassian Connect add-ons has been unsupported for over a year (see Atlassian introduces new cloud development environment. Note that you will be running an older version of JIRA locally, which is guaranteed to behave differently from JIRA Cloud.

The documentation for our REST API scopes currently leaves a bit to be desired. (But we are in the process of rolling out a revamped version!). The entry for /rest/api/{version}/project/.+/properties/.+ on that page builds upon that for /rest/api/{version}/project. So while requests to all resources under /project typically require READ scope for GET and PROJECT_ADMIN scope for POST, PUT and DELETE, we loosened the requirement for project properties to allow manipulation by add-ons with WRITE scope.

I’m not sure why your requests fail though.

Can you successfully read project information (GET /rest/api/2/project/{projectIdOrKey}) and list project properties (GET /rest/api/2/project/{projectIdOrKey}/properties)?

Can you successfully write any other data to JIRA?

1 Like

Thanks for your reply. I wasn’t aware that the standalone had been deprecated! The problems I’m experiencing is with a cloud version of Jira. I’m not sure if it’s the development environment version or something else. It states version JIRA v1001.0.0-SNAPSHOT in the About Jira dialog.

I seem to consistently get a 401 on all endpoints, for instance GET /rest/api/2/serverInfo, as well when using the httpClient in the webPanel.

{"statusCode":401,"headers":{"server":"Atlassian Proxy/0.5.80","atl-vtm-backend-time":"168","content-type":"text/html;charset=ISO-8859-1","x-b3-sampled":"1","strict-transport-security":"max-age=315360000; includeSubDomains; preload","date":"Mon, 12 Jun 2017 13:09:42 GMT","atl-traceid":"593e9296b602d8ab","transfer-encoding":"chunked","atl-vtm-time":"258","x-content-type-options":"nosniff","connection":"close","atl-vtm-queue-time":"0"},"request":{"uri":{"protocol":"https:","slashes":true,"auth":null,"host":"ardoq-dev.atlassian.net","port":443,"hostname":"ardoq-dev.atlassian.net","hash":null,"search":null,"query":null,"pathname":"/rest/api/2/serverInfo","path":"/rest/api/2/serverInfo","href":"https://ardoq-dev.atlassian.net/rest/api/2/serverInfo"},"method":"GET","headers":{"Authorization":"JWT <removed for this post>","User-Agent":"atlassian-connect-express/1.0.14"}}}

It works when using curl with user name and password from my laptop.