Defect Dojo can't connect to JIRA - HTTP 500/ Issue not created in JIRA

[nbublikov]

Bug description
I can't integrate Defect Dojo with JIRA. After filling in the configuration, the error "unable to authenticate, wrong password or ext .." but always right. Done with instruction https://defectdojo.readthedocs.io/en/latest/features.html#jira-integration

Steps to reproduce
Steps to reproduce the behavior:

when i click 'submit' in the UI i get this error in the logs

Expected behavior
I expect that the configuration with findinds will be added, marked active and verified will be launched in JIRA

Deployment method (select with an X)

• Kubernetes
• Docker
• setup.bash / legacy-setup.bash

Environment information

• Operating System: Ubuntu 18.04

If additional information is required, please write

[madchap]

It seems you're integrating with JIRA servicedesk and not JIRA software. It's possible that the API is not the same, hence why it'd be failing.

The JIRA integration is only tested on JIRA software.

[nbublikov]

now a Jira Software + Jira SD instance, i.e. on one instance and then and then.

Could this be a problem?

[madchap]

It's not because they run on the same instance that the products share the same APIs.

[nbublikov]

We sorted it out!!! On the JIRA side there were problems with the JIRA account rights

But there another question. I have project with finding and i want to push this finding in JIRA

I tap this

Then

Then i tap

Then

But issue in JIRA was not created, whats wrong in this way?

[nbublikov]

Nothing in logs, after successfull add JIRA configuration

[nbublikov]

or example with active, verified finding, but no issue in JIRA was created

[valentijnscholten]

1: What version / branch / commit are you running
2: defect review has nothing to do with JIRA. To push to jira go to edit finding and on the bottom check push to jira checkbox and press save/submit/done

[nbublikov]

1. Tell me please, do you mean which version of defect dojo I'm using? Defect Dojo 1.7.1
2. Reproduce step
   

After finished

Nothing in logs

[nbublikov]

In settings it connect to JIRA

[valentijnscholten]

Please update to 1.9.0 or latest dev

[nbublikov]

Thank you! Either today or on Monday we will update and write how it goes

[nbublikov]

update to 1.9.0, something goes on

[valentijnscholten]

If you click see all alerts you can see the error. I doubt the error in the logs is from jira integration as it doesn't use oauth but basic authentication to connect to JIRA.

[nbublikov]

I will try to make finding Active and Verified

[valentijnscholten]

yeah, jira integration runs in the background so it's not always clear.

[nbublikov]

Ok!

1. I select finding
   

2. checkbox at verified, active
   

4. This finding
   

5. Select this finding and click there
   

6. This error in logs
   

7. In UI error log nothing about last finding 1098
   

In JIRA in project SECURE, no new issues

Maybe somethins wrong, maybe need restart dojo?

[valentijnscholten]

check the uwsgi and celery logs. just this one logline about oauth2 doens't really provide any insight.

[nbublikov]

not very informative, right? (

[nbublikov]

Perhaps only Oauth2.0 is configured in JIRA and basic is disabled, I will clarify

[nbublikov]

Good day! Clarified.

1.OAuth2.0 is used in JIRA
2. Basic auth is also used in JIRA and it is not disabled

Any ideas?

[nbublikov]

it's maybe similar issue?
#1487

[nbublikov]

I also looked at this script, I don't see any mention of OAuth.2.0, hmmm

django-DefectDojo/dojo/jira_link/views.py

Line 79 in 9e850dc

def new_jira(request):

I do not understand the reason for the error

[nbublikov]

Here's what I found.

1. When the defectdojo creds knocks on the jira - all the rules (Authorization passed).
2. When sending a webhook from jira - 403 error

httpclient-callbacks: thread-1627 WARN anonymous [cawebhooks.plugin.PublishTaskFactoryImpl $ PublishTaskImpl]

Client error - 403 when posting to webhook at https: //defectdojo.trarara.co/webhook/ '

[nbublikov]

I tried curl from the server jira address above -

<h1> 403 </h1>
    <hr />
    <h2>
        You don't have permission to do that. Contact your administrator for additional accesss.
    </h2>

[nbublikov]

@valentijnscholten

[nbublikov]

I think it's on jira side https://confluence.atlassian.com/jirakb/webhook-fails-with-http-403-forbidden-989759150.html

[nbublikov]

Hi! I think we found error, but what is the best thing to do with it? Can this be the case in 1.9.1 too?
log.txt

[valentijnscholten]

What kind of project is it? next gen projects can give this error.
Or are you saying it starts working if the jira account has admin rights?

[nbublikov]

Hi! It's not start working.

1. What you mean "next gen projects"?
   next gen project is in JIRA Cloud, as I understand it, we don't have this, I have regular jira software, so it should be ok

2.attached 2 screenshots, with errors, when JIRA service account with and without global admin rights, according #3180 (comment)

Should JIRA have previously created the necessary issue types, for example: low, medium, high, etc ...?

[nbublikov]

The logs showed that he was trying to create a security task in the secure project. There is such a project, but there is no task type.

I am trying to transfer from Security to Task, I get an error,

I already saw that you are preparing a fix, we will update and I will try to do everything and write

UPD; after update to 1.9.2 config was successfully added, thanks!

[nbublikov]

Latest status:

kubectl -n prod logs -f defectdojo-celery-worker-xyz | grep "jira"

1. I see this error
   log JIRA-DD 1.9.2.txt

2. Question: Should JIRA have previously created the necessary issue types, for example: low, medium, high, etc ...?

[valentijnscholten]

No. You need to configure the correct values in DD that are existing in your JIRA instance.

[nbublikov]

Should I somehow modify these types in JIRA?

[nbublikov]

Question: We have status id and category id
What id i should paste here?

[valentijnscholten]

Better come to slack for support: https://github.com/DefectDojo/django-DefectDojo#getting-involved

[nbublikov]

It was about the license. It was for Jira SD but not for Jira Software)