Project role "atlassian-addons-project-access" is not added in the security schemes's levels right after S2C migration causing migration of certain apps to fail (for example Xray)

XMLWordPrintable

    • 12
    • Minor
    • 91

      Issue Summary

      When migrating S2C a project with app data, if the entities of the project do not exist on cloud they are being imported from server based on the exported data. When the migration of core data ends, the app migration starts -> if at that point certain issues in the scoped projects are under a security scheme, the app migration will fail as the app user will not have access to find/ modify the issue, unless the cloud Project role "atlassian-addons-project-access" is added on the security scheme OR prior to the migration on server there is a grant in the security level to any "logged in" user, which would cancel the entire purpose of setting a security scheme for the issues.

      However, there is a mechanism that automatically adds the aforementioned project role on Cloud, yet it is being triggered at a later point in time, after the migration actually fails.

      Steps to Reproduce

      1. Create a project and issues inside it with Xray data;
      2. Add a security scheme with certain configured security levels to the project and restrict some issues;
      3. Migrate the project + Xray data on cloud ;
      4. Migration of Xray data will fail as "Issue XXX cannot be found" although the issue is imported/ exists on cloud
      5. Eventually, after ~1 day the Project role "atlassian-addons-project-access" is automatically granted permission in the security level with no mention in the audit log;
      6. If you re-key ( do not delete) the projects and re do the migration, the migration will be successful because the scheme already exists and the role is properly added so it will only be linked to the project/ issues;

      Expected Results

      The Project role "atlassian-addons-project-access" to be granted permission inside the security scheme during the migration via a task/ code triggered during the migration, just like there are tasks/ code that grant the same role permissions in the permission schemes ( and other entities), allowing the migration to be successful;
      OR
      To trigger the existing adding mechanism right after the migration of core data is finished

      Actual Results

      Migration of app data ( Xray) will fail because the issues are not accessible to the App. It might very well be other app migration failing, not necessarily Xray.

      Workaround

      1. As mentioned also in Xray's documentation , migrator would have to either remove the security scheme prior to the migration or grant permission to any logged in user;
      To identify all the projects using security schemes, migrator can use the below query:

      SELECT 
    distinct(isl.name) AS security_level,
    isl.id,
    p.pkey AS project_key
    FROM 
    jiraissue i
JOIN 
    project p ON i.project = p.id
JOIN 
    schemeissuesecuritylevels isl ON i.security = isl.id
WHERE 
    i.security IS NOT NULL
ORDER BY 
    p.pkey, isl.name;

      2. Migrate to cloud and allow the app migration to fail. After the role is being added in the scheme, contact Atlassian to re key the projects on cloud and re-execute the migration. As the security schemes already exist on cloud and have the project role added, the migration of app data will be successful.

              Assignee:
              Unassigned
              Reporter:
              Dan Postelnicu (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: