Type: Suggestion
Resolution: Unresolved
Component/s: Step Security Controls
Jira Software
Issue Summary
At this time, according to the "Add restrictions to automation components" documentation, when restricting components related to (for instance) the Send Slack message action in automation, there is no possibility of using wildcards.
Thus, the webhook URLs have to be exact and can't be restricted to (for instance) a specific workspace as a whole.
This feature is particularly important due to security concerns. Using the allowlist with explicit webhook URLs exposes all the URLs in use in the entire system to any Jira project admin. Any user with that visibility can misuse another's webhook URLs, which is quite concerning. Slack webhook URLs should be treated as secrets.
A wildcard would mitigate the security issue with minimal effort: we could simply include the workspace ID and allow all webhooks from that specific workspace.
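To make the proposal concrete, here is an added example (not Atlassian code, and not how Jira implements its allowlist) of how a workspace-scoped wildcard entry of the form https://hooks.slack.com/services/<workspaceId>/* can be matched safely alongside exact entries, and how allowlisted URLs can be redacted before being shown to project admins. The URL shape /services/<workspaceId>/<channelId>/<secret>, the sample IDs and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

SLACK_HOST = "hooks.slack.com"
PATTERN_PREFIX = "https://" + SLACK_HOST + "/services/"


def split_webhook(url):
    """Return (workspace_id, channel_id, secret) for a well-formed Slack incoming
    webhook URL, or None. Only https and an exact host are accepted, which rejects
    https://hooks.slack.com@evil.example/... (userinfo trick) and lookalike hosts."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc.lower() != SLACK_HOST:
        return None
    segs = parts.path.split("/")  # expected: ['', 'services', <ws>, <channel>, <secret>]
    if len(segs) != 5 or segs[1] != "services" or not all(segs[2:]):
        return None
    return segs[2], segs[3], segs[4]


def workspace_of_pattern(entry):
    """If entry is the proposed pattern https://hooks.slack.com/services/<ws>/*, return
    <ws>; otherwise None. A bare https://hooks.slack.com/services/* is rejected because
    an empty workspace id would allow every Slack workspace on the internet."""
    if not entry.startswith(PATTERN_PREFIX) or not entry.endswith("/*"):
        return None
    ws = entry[len(PATTERN_PREFIX):-2]
    return ws if ws and "/" not in ws else None


def webhook_allowed(url, allowlist):
    """True if url is an exact allowlist entry (today's Jira behaviour) or falls under a
    workspace-scoped wildcard entry. The '*' only ever stands for the channel id and
    secret; it can never widen the scheme, host or workspace."""
    target = split_webhook(url)
    if target is None:
        return False
    for entry in allowlist:
        ws = workspace_of_pattern(entry)
        if ws is not None and target[0] == ws:
            return True
        if ws is None and entry == url:
            return True
    return False


def redact_webhook(url):
    """Display form for admin screens: keep the workspace id, mask the channel id and
    secret, so listing the allowlist does not hand out usable webhooks."""
    parsed = split_webhook(url)
    return "<invalid webhook url>" if parsed is None else PATTERN_PREFIX + parsed[0] + "/****/****"
```

The IDs T0000AAAA, B0000BBBB and ccccdddd used when exercising this are constructed placeholders, not real Slack identifiers.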
Steps to Reproduce
- In Jira Cloud, navigate to Settings -> System -> Global automation -> click on the ellipsis (...) icon and select Configure components (Enterprise license is required to see that option).
- Click on the Configure button next to the Send Slack message component, and try to add a wildcard while specifying the URL, as in the example below.
https://hooks.slack.com/services/<yourSlackWorkspaceId>/*
Expected Results
While configuring automation rules, making use of the Send Slack message action, any webhooks from the given workspace should be accepted.
Actual Results
An error is thrown while saving the automation rule, stating that "This value isn't on the allowlist set by your admin".
Workaround
Currently, there is no known workaround for this behavior; you will have to set specific (whole) URLs when adding restrictions. A workaround will be added here when available.