JIRA: allow different templates for jira description rendering #3938
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Depending on your JIRA instance or JIRA project, you may want to use different templates for rendering the issue description. Sometimes you want to provide all the details and want them to be visible in JIRA.
Sometimes you want to provide only a link back into defect dojo and not too much details.
This PR allows you to chose between these two templates, or add even more of your own templates.
Any templates added to (or modified in)
dojo/templates/issue-trackers
automatically become options in the jira config dropdowns.The PR is always falling back to the default full description template already in use. So when people to do nothing after upgrading, it just keeps work as it was. It's all optional.
The PR also adds the
component_name
,component_version
and all theSAST_xxxx
fields to the "full/default" jira template, fixing #3931BTW The first attempt at this PR was using a new model
JIRAIssueTemplate
that could be edited via the Django Admin portal at/admin
. But this opened up risks that people could use the template language to retrieve all kinds of sensitive details. In the current world I think a lot of setups still have "everyone" as staff/superuser, so there was too much risk.With a better permission model we could still switch to using a model instead of having to use templates on the filesystem and having to rebuild the images (or use complex mounting nobody understands ;-))
BTW2 In v2 of this PR I used the
FilePathField
on the model to let django populate the dropdown for us. But this resulted in the full path being stored in the issue_template field, where the template loader expects a relative path. So this required adding/removing of the prefix in some places, which broke the model validation, etc.BTW3 So then I moved to just a CharField with choices. This worked, but if a user adds a template on disk, the choices change and django expects you to make a migration. Our initializer automatically makes those resulting in instances getting our of sync and in conflict with upstream releases.
So I fell back to just using a CharField and populating the dropdown on the forms.