Launchpad itself

Merge ~andrey-fedoseev/launchpad:jira-bug-watch into launchpad:master

  1. Git
  2. lp:~andrey-fedoseev/launchpad
  3. jira-bug-watch
  4. Merge into master
Proposed by Andrey Fedoseev
Status: Needs review
Proposed branch: ~andrey-fedoseev/launchpad:jira-bug-watch
Merge into: launchpad:master
Diff against target: 873 lines (+742/-5)
9 files modified
lib/lp/bugs/externalbugtracker/__init__.py (+2/-0)
lib/lp/bugs/externalbugtracker/base.py (+8/-3)
lib/lp/bugs/externalbugtracker/jira.py (+268/-0)
lib/lp/bugs/externalbugtracker/tests/test_externalbugtracker.py (+1/-1)
lib/lp/bugs/externalbugtracker/tests/test_jira.py (+432/-0)
lib/lp/bugs/interfaces/bugtracker.py (+9/-0)
lib/lp/bugs/model/bugwatch.py (+11/-0)
lib/lp/bugs/tests/test_bugwatch.py (+9/-0)
lib/lp/services/config/schema-lazr.conf (+2/-1)
Reviewer Review Type Date Requested Status
Colin Watson (community) Approve
Review via email: mp+433103@code.qastaging.launchpad.net

Commit message

Add external bug tracker for JIRA

To post a comment you must log in.
Revision history for this message
Colin Watson (cjwatson) wrote :

This looks like a perfectly reasonable first-pass implementation, and I'm fine with landing it as far as it goes.

We'll need to be careful about the credentials handling. The existing `checkwatches.credentials` stuff was intended for cases where the bug tracker itself is essentially public but we need some kind of credentials for Launchpad to connect to it anyway, either out of politeness (credentials allow our sync script to be identified unambiguously), or to gain access to higher rate limits (as in the GitHub/GitLab cases), or because we need to push comments (for Bugzilla). In this case, though, the credentials are partly also being used because the remote bug tracker is private, which is a very different matter: if we were to configure these credentials on production, it would mean that anyone could discover information about the status of a given Jira issue by guessing its URL and adding a bug watch for it. Not a very serious information leak since it only tells you the remote status and importance, but nevertheless probably not something we should leave designed into the system in case somebody wants to extend it in future to gather more information. I think it's fine to leave an XXX comment about this for now, though, as it doesn't become a problem until we configure credentials; perhaps we could change some other part of the system to restrict who can add such bug watches, or restrict them to certain projects, or something like that.

Having gathered requirements for Launchpad/Jira integration, I also think this will probably not address those requirements on its own (though it may be a component of the eventual solution). I've belatedly written down what I know so far here: https://docs.google.com/document/d/1CiEgo-CHX8Go0lTAdryqKCeFxaVnBq49QVkfBshX28M

review: Approve
Reply

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches

to status/vote changes: