Hi everyone,
I’m in the process of migrating a Jira plugin from Connect to Forge. I’ve already converted the Connect descriptor into a Forge manifest and am currently replacing the jira:webhook Connect module with the corresponding Forge product events.
While doing this, I encountered a permissions issue. Some events that were previously working fine as webhooks in the Connect module—such as issue type events or filter events—now require me to add new permission scopes, such as manage:jira-configuration or other granular scopes.
Adding these new scopes triggers a major version update of the app. My question is:
Why is a major version update required in this case, especially considering that the app already had the necessary permissions via its Connect scopes, and the corresponding webhooks were already functional with the Connect modules? Why does this transition result in a breaking change?
2 Likes
Hey @ArtemSmirnov,
Could you please share which Forge events you’re looking to subscribe to and your current app’s Connect scopes? We support a pathway to moving existing Connect installations to Forge based upon these scope mappings.
In particular, I had filter_updated and issuetype_updated webhooks declared as connectModules, along with the read:connect-jira, write:connect-jira, and admin:connect-jira permission scopes.
Later on, I attempted to reimplement these using the product events avi:jira:updated:issuetype and avi:jira:updated:filter. To support this, I also added the read:filter:jira, read:jql:jira, and read:issue-type:jira permission scopes. And deploying of the new version is causing a major update.
Hey @ArtemSmirnov,
Thanks for the clarification. The good news is that these scopes will all be inherited from admin:connect-jira, as they do not elevate permissions beyond what was available there.
It sounds like your app is already on Forge. Whenever a scope change occurs on Forge, a semantic major version update will occur at that time. To help alleviate this, we’ve introduced the version bulk-upgrade command in the Forge CLI which enables you to bring customers on previous major version to your latest major version where the change you’ve implemented does not elevate permissions and therefore does not require admin approval.
1 Like
Got it! Thank you for explanation!