Integrating Atlassian Jira with MettleCI Workbench
Note that this page describes how MettleCI can authenticate against Atlassian Jira using OAuth. Atlassian’s documentation on OAuth is available here.
Introduction
In cryptography, X.509 is widely-adopted standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL which is the basis for HTTPS. An X.509 certificate binds an identity to a public key using a digital signature. A certificate contains an identity (a hostname, or an organization, or an individual) and a public key (using an encryption scheme such as RSA, DSA, ECDSA, etc.), and is either signed by a certificate authority or is self-signed. When a certificate is signed by a trusted certificate authority, or validated by other means, someone holding that certificate can use the public key it contains to establish secure communications with another party. In this case the certificate will be used to provide a secure communication mechanism between Atlassian Jira and MettleCI Workbench.
Certificate filename extensions
There are several commonly used filename extensions for X.509 certificates. These are the ones which will feature in the process described here:
.pem
– (Privacy-enhanced Electronic Mail) is a Base64 encoded DER certificate enclosed between-----BEGIN CERTIFICATE-----
header and-----END CERTIFICATE-----
footer..cer
– this certificate file stores information about one X.509 owner certificate and a specific public key..pkcs8
– Public-Key Cryptography Standards (PKCS) #8 is a standard syntax for storing private key information created by RSA Laboratories. The PKCS #8 private key may be encrypted with a passphrase and typically exchanges keys in the PEM base64-encoded format which uses values enclosed between-----BEGIN PRIVATE KEY-----
header and-----END PRIVATE KEY-----
footer (or-----BEGIN ENCRYPTED PRIVATE KEY-----
and-----END ENCRYPTED PRIVATE KEY-----
if you use a passphrase.)
Step 1 - Generating an RSA Public/Private Key Pair
Process Overview
If you haven’t already, you will need to either:
Create a key pair for Workbench to use to authenticate with Jira, or
Request a
.pem
file from your Jira administrator for MettleCI Workbench to use for Jira integration.
Note that a common error is to misspell pkcs as 'pcks'. Please check your spelling is correct when following the instructions below.
Steps
On any secure machine with openssl
installed (It is easiest doing this directly on your DataStage Engine where MettleCI Workbench is installed)…
Generate a 1024-bit private key:
jira_privatekey.pem
$> openssl genrsa -out jira_privatekey.pem 1024 Generating RSA private key, 1024 bit long modulus .......++++++ ..++++++ e is 65537 (0x10001) $>
Create an X509 certificate:
jira_publickey.cer
$> openssl req -newkey rsa:1024 -x509 -key jira_privatekey.pem -out jira_publickey.cer -days 3650 You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:AU State or Province Name (full name) []:Victoria Locality Name (eg, city) [Default City]:Melbourne Organization Name (eg, company) [Default Company Ltd]:Data Migrators Pty Ltd Organizational Unit Name (eg, section) []:MettleCI Common Name (eg, your name or your server's hostname) []:myhost.datamigrators.io Email Address []:admin@mettleci.com $>
Extract the private key (PKCS8 format) to a ‘pkcs8’ file:
jira_privatekey.pkcs8
$> openssl pkcs8 -topk8 -nocrypt -in jira_privatekey.pem -out jira_privatekey.pkcs8 $> ll jira_* -rw-r--r-- 1 mciworkb dstage 916 Aug 2 15:10 jira_privatekey.pkcs8 -rw-r--r-- 1 mciworkb dstage 887 Aug 2 15:05 jira_privatekey.pem -rw-r--r-- 1 mciworkb dstage 1224 Aug 2 15:08 jira_publickey.cer $>
Extract the public key from the certificate to a ‘pem’ file:
jira_publickey.pem
file:Ensure all files are owned by the account used to execute the MettleCI Workbench service:
Step 2 - Creating a Jira Application Link
These steps are geared specifically towards Workbench. Atlassian’s own documentation is under the Create an application link section of this page: OAuth
Start by going to the Application links option (under Integrations) of your Jira Administration area.
In the field at the top (under Configure Application Links) enter your MettleCI Workbench URL including protocol and port number (e.g.
https://my-engine.company-intranet.com:8443
) and click Create new linkOn the Configure Application URL window you can leave the default New URL as proposed by Jira (usually identical to the Entered URL). You can safely ignore the ‘No response was received…’ message and click Continue.
On the next window enter the Application Name
Check the Create incoming link checkbox IMPORTant!
Note that we will enter a value for Consumer key later on - but not in this dialog
Click Continue (ensure you leave the other fields blank)
On the next dialog enter …
A random value for Consumer Key (this is just an arbitrary value to uniquely identify this Application Link),
The Consumer Name (e.g. ‘MettleCI Workbench’ without quotes), and
The Public Key (i.e. the contents of
jira_publickey.pem
) that will be used by your Workbench application.
NOTE: The application URL specified at the top of this dialog is the URL to be specified in the Add Issue Management step of the Workbench Issue Management configuration, in the Jira URL field.
Click Continue
Step 3 - Enter the credentials into workbench
To create additional issue management services first use your web browser login to the Atlassian Jira user interface:
Using the same browser login to MettleCI Workbench and select User → Issue Management:
To configure a new work item management connection click the [+] button (top right)
Select the work item management type Jira (there are also guides for Azure, Gitlab, and ServiceNow).
Due to a current defect the Issue Management Type drop down box may not display the 'drop down' icon on some browsers.
You will now want to fill out all the details for your particular Jira Configuration.
Name | This can be anything you like but is often (and is best to use if possible) the name of the Jira project you’re connecting to. |
Jira URL | The Application URL you entered when configuring the Application Link Application in Jira If you have already configured Jira we recommend:
|
Jira Key | The Consumer Key you entered when configuring the Application Link Application in Jira. |
Consumer Secret | Copy and paste the contents of your |
Step 4 - Testing your connection
After you’ve set this up:
Restart the Workbench service
Log into Workbench
Start to perform a check-in (the Job name isn’t important) but start to enter a valid Jira ID in the work item field.
At this point you should be prompted to permit access to Jira so click on Allow
After this you can actually cancel the check-in since its purpose was simply to complete the Workbench-to-Jira integration.
Done!
© 2015-2024 Data Migrators Pty Ltd.