Make user search GDPR compliant #927
Conversation
|
LGTM, A great pull request! |
|
@eliaschneider Many thanks for such a quick feedback! Although, I've just noticed the failing Travis build, and from the error message, looks like we won't be able to make it backwards compatible keeping the How should we proceed here? I'm seeing that the recent PRs that got merged also had failed checks, but the merge is currently blocked. Do you manually sign off on these checks to allow the merges? |
jira/client.py
Outdated
| if user: | ||
| params["username"] = user |
There was a problem hiding this comment.
@julenpardo Thanks for your efforts on this stuff! We are looking forward for it will be merged! ❤️
Just one question about changes, isn't it redundant to add this check if the username parameter is already in params dictionary ?
Line 2843 in b5ef528
There was a problem hiding this comment.
Hey @darlev91, thanks for your feedback! You're absolutely right, thanks for the catch! I'll push the change asap
There was a problem hiding this comment.
@darlev91 I've already made the changes, thanks again for the feedback!
There was a problem hiding this comment.
@julienadriano Thanks a lot!
What's about query parameter ? It is compatible with both JIRA API versions. I think it's better to keep things simple. Have you had a chance to check this comment?
#927 (comment)
There was a problem hiding this comment.
@darlev91 is it? This is actually what @ngenovictor pointed out above. So we can just use the query parameter right away and keep it backwards compatible?
I did it this way just to be 100% sure that it was compatible with both versions, as I can only test it with the latest one, so I would not be sure about replacing the username parameter. But if that's the case, then I can just apply @ngenovictor's suggestion
There was a problem hiding this comment.
@julienadriano yes, if checking JIRA API docs, it says that query parameter is required (can contain not only emailAddress as a value, and displayName too), but it shouldn't replace username because it is separate one:
Link on JIRA API v3
Link on JIRA API v2
I've checked it already and it really works fine for both API versions, so I think it will be better to add it directly in parameters like separate parameter that should be send on API.
There was a problem hiding this comment.
@julienadriano @ngenovictor I think this point of view make sense in this case:
def search_users(self, query, username=None, startAt=0, maxResults=50, includeActive=True, includeInactive=False):
...
params = {
"query": query,
"username": username,
"includeActive": includeActive,
"includeInactive": includeInactive,
}
...
In this case the client code shouldn't be broken if it uses displayName or emailAddress as a query
What do you think about it, guys ?
There was a problem hiding this comment.
@darlev91 Makes sense to me, I've already pushed the changes
|
likely a duplicate of #940 |
|
@julenpardo please black jira/client.py and merge in changes from master |
241daa3 to
23ace30
Compare
|
@studioj Thanks for the feedback, I've already pushed the changes, is there something I should do now to trigger the checks? |
|
im not too aquianted with jira api but as stated in above review => why add query, if you can query for user ? i think PR https://github.com/pycontribs/jira/pull/940/files suggests to do this ... would that be ok? or is there a reason not to? |
|
@studioj I probably did it that way to still keep the other parameter for backward compatibility, as the change appeared to be a canary release affecting only some servers I'm fine with either approach; I did it this way back then in a rush to fix broken production systems :) The thing is that we pinned the changes made on my branch as dependency, and it's been that way since the PR was open, so I'm aware that change may break some stuff. Let me test this on Monday |
|
Checking the documentation of Self-hosted: Cloud: It seems that That also explains why this PR passes those same checks. It seems like the API doesn't have a problem with passing in incorrect parameters, as discussed in other threads on this PR. So I'm happy approving the approach for this PR. |
The `username` field is deprecated and Jira is gradually removing it from the cloud instances. This is the second time such changes break our integrations; until now, our workaround consisted of first searching for the user based on the email, and then use the account id from the response for the other requests. But now we cannot search anymore for users based on the email, and we need to use the `query` field. Even if we just pass the same exact value we passed to `username`. I can imagine there're several places in the code that would require of being changed for being completely GDPR compliant, but I have no time at the moment to fix all of them :( Thanks for your work!
The payload object was already initialized with the `username` value, so there's no need to check whether is specified or not.
`query` is a different parameter from `username` so it shouldn't replace it actually. Tested with v3 API and it's working.
Co-authored-by: adehad <26027314+adehad@users.noreply.github.com>
b69bad7 to
8abc16f
Compare
|
Many thanks @adehad! I've already committed the suggestion and rebased the head branch with latest master. |
fd1bf01 to
f42acd3
Compare
Co-authored-by: adehad <26027314+adehad@users.noreply.github.com>
Co-authored-by: adehad <26027314+adehad@users.noreply.github.com>
Co-authored-by: adehad <26027314+adehad@users.noreply.github.com>
|
@adehad applied, thank you! |
|
Thanks @adehad for your patience and for approving, what's the process now to merge the PR? |
|
@julenpardo as I've approved I've requested a review from @ssbarnea who has the permissions for the merge. We have a somewhat weekly cadence for merging stuff in, most happens on the weekend. But I'm sure this time it won't take a year ! |
|
Many thanks guys! |
|
and thank you @julenpardo for your patience ! Hope you contribute in the future too ! |
|
When will this be included in a proper PIP release? |
* Make user search GDPR compliant The `username` field is deprecated and Jira is gradually removing it from the cloud instances. This is the second time such changes break our integrations; until now, our workaround consisted of first searching for the user based on the email, and then use the account id from the response for the other requests. But now we cannot search anymore for users based on the email, and we need to use the `query` field. Even if we just pass the same exact value we passed to `username`. I can imagine there're several places in the code that would require of being changed for being completely GDPR compliant, but I have no time at the moment to fix all of them :( Thanks for your work! * Remove redundant check The payload object was already initialized with the `username` value, so there's no need to check whether is specified or not. * Init payload iwth both username and query `query` is a different parameter from `username` so it shouldn't replace it actually. Tested with v3 API and it's working. * Update docblock regarding Jira cloud parameters Co-authored-by: adehad <26027314+adehad@users.noreply.github.com> * Fix optional `user` param * Update docblock Co-authored-by: adehad <26027314+adehad@users.noreply.github.com> * Update docblock Co-authored-by: adehad <26027314+adehad@users.noreply.github.com> * Update docblock Co-authored-by: adehad <26027314+adehad@users.noreply.github.com> Co-authored-by: adehad <26027314+adehad@users.noreply.github.com>
|
FYI @lucasolinden (and others following) this is now included in the pre-release |
|
@adehad I just wanted to mention that you have all my support to tag a full release whenever you think is ok. I liked the feedback I seen so far and once we have that release up it should be easier to make new ones w/o having to do pre-releases. If we release often, the need for a pre-release goes down. Thanks for reviving maintenance on jira library! |
The
usernamefield is deprecated and Jira is gradually removing itfrom the cloud instances. This is the second time such changes break
our integrations; until now, our workaround consisted of first searching
for the user based on the email, and then use the account id from the
response for the other requests. But now we cannot search anymore for
users based on the email, and we need to use the
queryfield. Even ifwe just pass the same exact value we passed to
username.I can imagine there're several places in the code that would require of
being changed for being completely GDPR compliant, but I have no time
at the moment to fix all of them :(
Thanks for your work!