Webhooks are not sent from Jira Service Management Automation rules
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
Webhooks are not sent from Jira Service Management (JSM) automation rules, even though the automation logs are showing that the automation was successful.
Note that the issue only occurs with the JSM Automation module (configured in Project Setting > Automation), not with the automation module from the Automation for Jira add-on (which is configure in Project Settings > Project Automation). If you are using Automation for Jira, this KB article does not apply to you.
環境
Service Management 4.6.0 or any version above.
診断
- An JSM automation rule is configured in Project Setting > Automation to send a webhook
- When the automation rule is triggered, the automation logs are showing that the webhook was successfully sent
- However, in reality, the webhook was never sent
In the Jira application logs, the following warning can be seen at the time the automation rule was triggered:
2021-09-24 11:16:57,521+0200 PsmqAsyncExecutors-then:thread-24 WARN someuser 594x940x1 1er25nu 0:0:0:0:0:0:0:1 /secure/DeleteComment.jspa [c.a.s.p.a.i.e.engine.asyncthen.AsyncThenJobProcessor] Failed executing ThenAction com.atlassian.servicedesk.plugins.automation.webhook.rulethen.WebhookThenAction asynchronously: 'Invalid URL, not permitted by the system whitelist'
原因
Due to security concern, from JSM 4.6.0, the automation module was updated in a way that it will only send a webhook to an URL if this URL has been whitelisted, as per this developer community discussion. For this reason, whenever a new automation rule is configured to sent a webhook, it is necessary to whitelist the webhook URL in the page ⚙ > System > Allowlist (also called ⚙ > System > Whitelist in Jira 8.13.3 or higher versions) for the automation to send the webhook. Otherwise, the automation will not be executed.
The fact that the JSM automation rule always shows a SUCCESS in the logs regardless if the webhook was sent or not is actually a bug, which is tracked in this public bug ticket: Service Desk webhooks that fail indicate success. So, because of this bug, the automation logs will always show a success, which is of course misleading.
ソリューション
Whenever a new automation rule is configured to sent a webhook, it is necessary to whitelist the webhook URL in the page ⚙ > System > Allowlist (also called ⚙ > System > Whitelist in Jira 8.13.3 or higher versions), as shown in the screenshot below. Please note that it is not necessary to tick the "Allow incoming" option in this case.
Important note: if you are using Jira 8.13.3 or any higher version, it is necessary to tick the Allow anonymous users option for the automation rule to work.
- This is what the configuration should look like in Jira 8.13.2 and lower versions:
- This is what the configuration should look like in Jira 8.13.3 and higher versions:
