Jira Account
Overview
Account resource in IDHub maps to User in Jira. If the User Account is a member of a Group, the corresponding Group is shown in the Groups array along with the details of the User Account when the corresponding REST API is called. To fetch the different Project Roles that the user can view, all Projects in Confluence Cloud domain needs to be fetched and along with the different roles applicable to the User Account.
After creating a directory in the Atlassian Admin account for a specific domain, the provisioning APIs for the User Resource can be called using the directoryId.
Account Resource Schema Configuration
Resource Type
The Resource Type for Account is :
{
"schemas" : [
"urn:ietf:params:scim:schemas:core:2.0:ResourceType"
],
"id" : "Account",
"name" : "Account",
"description" : "This resource creates/modifies/deletes accounts in Jira and returns your query to you in some form depending on the normal format of the endpoint (Resource or ListResponse).",
"endpoint" : "Accounts",
"schema" : "urn:sath:params:scim:api:confluence:1.0:Account"
}
User Schema
To fetch User resource schema from SCIM provider, call https://api.atlassian.com/scim/directory/{directoryId}/Schemas/urn:ietf:params:scim:schemas:core:2.0:User
API with Authorization and Accept request header. The response of the API is shown under the heading Atlassian User Schema. The schema of the IDHub Account is as shown :
Note : All resource body for the User Provisioning APIs should be in the format of Atlassian User Schema to avoid BadRequestException
Atlassian User Schema | IDHub Account Schema |
---|---|
CODE
|
CODE
|
Sample User
A sample User created in Jira is given below
{
"schemas": [
"urn:scim:schemas:extension:atlassian-external:1.0",
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"urn:scim:schemas:extension:atlassian-external:1.0": {
"atlassianAccountId": "607d3d5ef74b3f006a03a61g"
},
"id": "ff2862db-864d-48db-93a4-162e2427ee7b",
"userName": "Jerome",
"name": {
"formatted": "Jerome A.",
"familyName": "Andrews",
"givenName": "Jerome"
},
"displayName": "Jerome",
"active": true,
"emails": [
{
"type": "WORK",
"value": "jerome@example.com",
"primary": true
}
],
"groups": [
{
"display": "Developers Group",
"type": "Group",
"value": "d84adcec-0818-4852-aad3-cbe79a614e1c",
"$ref": "https://api.atlassian.com/scim/directory/{groupId}/Groups/{directoryId}"
}
],
"meta": {
"created": "2021-06-14T13:54:45.689667Z",
"location": "https://api.atlassian.com/scim/directory/{directoryId}/Users/{userId}",
"lastModified": "2021-06-14T13:54:45.689667Z",
"resourceType": "User"
}
}
Group Membership Schema
The schema of a GroupMembership object to add accounts as group members is shown :
"Operations":[
{
"op":"add",
"path":"members",
"value":[
{
"value":"c6993c94-dbda-40f1-b6f0-18c855522ade",
"display":"dave.meyer@demotime.authteam.com"
},
{
"value":"f0ae48f7-1466-445e-85ea-e83ef754aefd",
"display":"lingbo.lu@demotime.authteam.com"
},
{
"value":"432d6f10-2e28-454e-be99-0f8c732a046f",
"display":"joanna@demotime.authteam.com"
}
]
}
]
Project Role Schema
The schema of a Project Role object to add spaces with permissions to an account is shown :
{
"self": "https://your-domain.atlassian.net/rest/api/3/project/MKY/role/10360",
"name": "Developers",
"id": 10360,
"description": "A project role that represents developers in a project",
"actors": [
{
"id": 10240,
"displayName": "jira-developers",
"type": "atlassian-group-role-actor",
"name": "jira-developers",
"actorGroup": {
"name": "jira-developers",
"displayName": "jira-developers"
}
},
{
"id": 10241,
"displayName": "Mia Krystof",
"type": "atlassian-user-role-actor",
"actorUser": {
"accountId": "5b10a2844c20165700ede21g"
}
}
],
"scope": {
"type": "PROJECT",
"project": {
"id": "10000",
"key": "KEY",
"name": "Next Gen Project"
}
}
}
Implementation
The following methods of the target system connector interface defined in the connector SPI needs to be implemented for Account resource.
Get Schema
CODE
|
Get Resource Type
CODE
|
Get SCIM Resource Service Information
CODE
|
Get Health
CODE
|
Create Resource
CODE
|
Get Resource
CODE
|
Replace Resource
#Note : The observations made while performing update operation are :
If no primary email is sent in the request body, Bad Request exception is thrown.
If the same primary email is sent in the request body, no change is reflected.
If different primary email is sent in the request body, all changes are reflected.
The alternative approach is :
If primary email of the payload is same as current primary email of the user account, then call
patchResource(String, PatchOp)
method with appropriate parameters desired in the final accountIf primary email of the payload is different from the current primary email of the user account, then call the update API with the given payload.
CODE
|
Update Resource
CODE
|
Delete Resource
CODE
|
Search Resource
public ListResponse searchResource(SearchRequest searchRequest) throws BadRequestException, PayloadTooLargeException, InternalServerErrorException, NotImplementedException {
if the filter parameter is empty
return all(*) instances of the given resource type are returned
call https://api.atlassian.com/scim/directory/{directoryId}/Users with Authorization and Accept as headers to fetch Accounts with their entitlements
in case of multiple pages, pagination can be done using startIndex and count in query parameters passed as the token
if searchRequest is unparsable, syntactically incorrect, or violates schema
throw BadRequestException
if payload size in bytes exceeds the max payload size
throw PayloadTooLargeException
if error occurs during resource search
throw InternalServerErrorException
if no logic is implemented
throw NotImplementedException
return the list of resource objects matching the searchRequest
}