assignment.txt
# Overview
For integration between ISS Jira and Megacorp, the task is to develop 1 independent listener to send webhooks to Megacorp API.
# Security
## Authorization
Authorization against the API will be done with an API token.
With the user, a 30-day 'access token' can be requested with API calls. The token must be stored on the Jira server file layer.
Script listener must be executed as 'JIRA-SA-PROD-MEGACORP-API'.
## File security
Full permission to the created token file is granted only to a service user.
Other accesses to this file are permitted.
# Request specification
- Method: `GET`
- Endpoint: https://webhook.site/
- Token: [generate random string]
- LoopNumber: 5
- Payload:
```json
{
  "RequestID": "14",
  "Reporter": "adam.nowak",
  "Title": "Megacorp rate limit",
  "Attempt": "1",
  "Details": {
    "RequestDate": "12/12/2023-1623",
    "Requestor": "webhook-user"
  }
}
```
## Flow
- Get API token from a text file
- Check if token is valid (simulate that it is initially wrong)
  - send a request with token generation
  - use a new token
- Repeat until '"LoopNumber": 0'
  - `GET` webhook to Megacorp API with JSON payload
    - inject field: "RequestDate", with the current date, in the following format `dd/mm/yyyy-hhmm`
    - inject field: "Attempt", with iteration number
MY COMMENTS:
- [Authorization] "Script listener must be executed as 'JIRA-SA-PROD-MEGACORP-API'": is this the name of the script?
- [Authorization] no API key is provided in the assignment, therefore it's impossible to make a request for a new token
- [Flow] token validation is made on API Server Side not on Client Side so "Check if token is valid(simulate, that initially is wrong)" makes no sense to me
- [Flow] `GET` webhook to Megacorp API with JSON payload -> overriding POST request with "X-HTTP-Method-Override: GET"?
- [File security] I assume that the token txt file is stored in the Jira home directory, which is probably secured by password
MY FLOW:
- check if API token is present on client side (Jira server) in predefined location (in production: database)
- if token is present in location, make validation request (in production: separate endpoint)
- if server returns "498 Invalid Token" or "419 Page Expired", make request to API (API key needs to be provided) for new 30-day token
- if token is valid, make request as follows:
  - Repeat until '"LoopNumber": 0'
    - `GET` webhook to Megacorp API with JSON payload
      - inject field: "RequestDate", with the current date, in the following format `dd/mm/yyyy-hhmm`
      - inject field: "Attempt", with iteration number
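
The token-file handling and request loop described above, as an added Python sketch that is not part of the assignment or of any Megacorp or Jira code. It assumes POSIX file modes, treats the 498/419 statuses from the flow notes as the "token invalid" signal, and takes `send` and `request_token` as hypothetical injected transports so it runs offline.

```python
import os, stat, tempfile
from datetime import datetime

REJECTED = (498, 419)  # "Invalid Token" / "Page Expired", as named in the flow above

def save_token(path, token):
    """Replace the token file atomically; mkstemp creates it with mode 0600."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(token)
    os.replace(tmp, path)

def load_token(path):
    """Read the token, refusing a file that group or other can access (POSIX)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        raise PermissionError(f"{path}: mode {mode:o}, expected 600")
    with open(path) as f:
        return f.read().strip()

def build_payload(attempt, now):
    """Payload from the request specification with the two injected fields."""
    return {"RequestID": "14", "Reporter": "adam.nowak",
            "Title": "Megacorp rate limit", "Attempt": str(attempt),
            "Details": {"RequestDate": now.strftime("%d/%m/%Y-%H%M"),
                        "Requestor": "webhook-user"}}

def run(path, send, request_token, loop_number=5, clock=datetime.now):
    """send(token, payload) -> status and request_token() -> str are injected
    (hypothetical) transports, so the flow runs without a network."""
    token, accepted = load_token(path), []
    for attempt in range(1, loop_number + 1):
        payload = build_payload(attempt, clock())
        status = send(token, payload)
        if status in REJECTED:          # server says the stored token is bad
            token = request_token()     # one refresh, persisted owner-only
            save_token(path, token)
            status = send(token, payload)
        if status in REJECTED:
            raise RuntimeError("token rejected after refresh")
        accepted.append(payload)
    return accepted
```

On a Windows Jira host the mode check does not reflect NTFS ACLs, so the owner-only restriction has to be enforced through the file's ACL instead.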