ENG-3464: Configurable Jira completion status

[JadeCara]

Ticket ENG-3464

Description Of Changes

Allows admins to configure which exact Jira status triggers Fides completion, instead of relying on the entire "done" category. This addresses clients like Toast who use multiple statuses within the done category (e.g., "Done" = privacy work finished, "Complete" = all departments done).

Key changes:

• New needs_polling boolean column on JiraTicketTask — terminal flag that decouples the Fides completion decision from Jira's status category
• New completion_status field in connection secrets — when set, only that exact Jira status name triggers completion
• Frontend "Completion trigger" dropdown in the Jira config tab, scoped to the selected issue type
• Hardened expired token handling — refresh_token_if_needed returns the DB-fresh ConnectionConfig so build_jira_client always uses the latest access token
• Polling interval default reduced from 10 to 3 minutes
• Backward compatible: completion_status = null preserves current behavior

Companion PR: fidesplus#3477

Code Changes

• Add needs_polling column to JiraTicketTask model with partial index
• Add completion_status: str | None to JiraTicketSchema connection secrets
• Migration: add column, backfill existing done/deleted rows, replace partial index
• Frontend: add "Completion trigger" <Select> to JiraConfigTab, scoped to selected issue type; cascading clear on project/issue type change
• RTK Query: getJiraStatuses with required projectKey + issueType params
• Fix stale OAuth token bug: refresh_token_if_needed now returns the fresh ConnectionConfig
• Reduce default polling interval from 10 → 3 minutes
• Fix: seed.py mailgun secrets type error (pass dict instead of Pydantic model)

Steps to Confirm

1. Create a jira_ticket connection via API
2. PATCH secrets with completion_status: "Complete" — verify it saves and reads back
3. PATCH secrets with completion_status: null — verify it clears
4. Verify needs_polling column exists in DB with default false
5. Verify migration downgrade removes the column and restores old index
6. Navigate to Jira integration config in admin UI — verify "Completion trigger" dropdown appears after issue type is selected
7. Dropdown should show statuses for the selected issue type only

8. Changing the issue type should clear the completion trigger selection
9. Approve a privacy request with Jira configured — verify ticket creation succeeds (hardened token handling)

Pre-Merge Checklist

• Issue requirements met
• All CI pipelines succeeded
• CHANGELOG.md updated
  • Add a db-migration This indicates that a change includes a database migration label to the entry if your change includes a DB migration
  • Updates unreleased work already in Changelog, no new entry necessary

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ready	Preview, Comment	May 5, 2026 5:57pm

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
fides-privacy-center	Ignored		May 5, 2026 5:57pm

[github-actions]

Dependency Review

✅ No vulnerabilities found.

Scanned Files

• docs/fides/requirements.txt

[github-actions]

Title	Lines	Statements	Branches	Functions
admin-ui		6.64% (3008/45280)	5.96% (1554/26044)	4.65% (622/13351)
fides-js		79.43% (2013/2534)	66.13% (1244/1881)	73.09% (345/472)
privacy-center		85.97% (331/385)	81.36% (179/220)	78.87% (56/71)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.14%. Comparing base (37ecd60) to head (f8dab0c).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8046   +/-   ##
=======================================
  Coverage   85.14%   85.14%           
=======================================
  Files         637      637           
  Lines       41936    41937    +1     
  Branches     4927     4927           
=======================================
+ Hits        35707    35708    +1     
  Misses       5121     5121           
  Partials     1108     1108           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[JadeCara]

/code-review

[claude]

Code Review: ENG-3464 — Configurable Jira completion status

Overall this is a clean, well-scoped change. The core design decision — decoupling the polling flag (needs_polling) from Jira's status category — is the right abstraction. It makes future completion-trigger variations easy to add and avoids re-querying solely based on Jira's opinionated categories. The backward-compat default (completion_status = null → any done-category status) is correct.

What's working well

• Migration is safe: server_default=true for the new column, followed by a targeted backfill for terminal rows — correct ordering, no data loss risk.
• Partial index: replacing external_status_category IS NULL OR external_status_category != 'done' with needs_polling = true is cleaner and more direct.
• Frontend cascading: clearing completion_status when project or issue type changes is handled correctly at both levels.
• allowClear + showSearch on the completion status <Select> are the right UX choices for an optional field over a potentially long list of statuses.
• Test coverage: the new test_get_open_tasks_includes_done_category_still_needing_polling test captures the key behavioral change precisely.

Notable observations

• Core logic is in the companion PR: The fides side adds the schema field and DB column; the actual logic that reads completion_status and sets needs_polling = false when the status matches lives in fidesplus#3477. Reviewers should confirm the two PRs are reviewed together so the full flow is validated end-to-end.
• PR description step 4 says "Verify needs_polling column exists in DB with default false" — the migration/model actually set the default to true. Minor doc issue in the checklist.

Inline comments

Six inline comments attached covering: stale class docstring, polling interval impact, inline response type, migration backfill clarification, seed.py type-ignore, and || vs ?? in the save handler.

---

🔬 Codegraph: connected (47570 nodes)

---

💡 Write /code-review in a comment to re-run this review.

[erosselli]

Is this pattern something we've done before? it feels a bit weird to me -- have we tested this works as expected?

[JadeCara]

Yes, this pattern exists in fidesplus already (poll_query_log_task.delay and digest tasks via .apply_async()), but is new for fides OSS. The rationale is better isolation — the polling task makes external HTTP calls to Jira, so running it on a worker avoids blocking an APScheduler thread slot on the webserver.

Verified locally with task_always_eager=False: the worker picks up the task, acquires the Redis lock, queries Jira, and completes in ~1.3s. No queue contention risk since it goes to the default fides queue, not the DSR queue.

[jpople]

Frontend code looks good to me!