eddiewebb / statuspage-banner-atlassian-server / issues / #6 - Not able to point to private status page — Bitbucket

Issue #6 on hold

Pragya Sardana created an issue 2017-03-22

Hey Eddie,

The plugin is also not able to point to private pages also. Please let me know if this something done by design.

Comments (8)

Eddie Webbinaro repo owner
Can you expand by what you mean as Private? It supports IP whitelisting as long as JIRA is in that IP range. spi.io does not support cross-domain calls with the use of an API Key, but I can try to escalate that to them.
- 2017-03-22T18:36:41+00:00
Pragya Sardana Account Deactivated reporter
Hey Eddie,

There is a feature of statuspage.io where you can make certain pages private, accessible to specific users in an organisation ( More Info https://www.statuspage.io/pricing ) . Based on my testing I was not able to load information private status pages that i have access to.

Regards

Pragya Sardana
- 2017-03-22T18:46:31+00:00
Eddie Webbinaro repo owner
Alright, we don't have that feature enabled in ours, and I know they support SAML, but I think you'll have to use the APIKey to support any private integrations.

Can you visit: https://manage.statuspage.io/pages/xxxxx/status-widget (where xxxxx is your page ID) and click the URL box under "Summary", it should expand and show some JS commands.

You'll see a line like:

var sp = new StatusPage.page({ page: 'hk277w25hzw7', apiKey: 'secretsIdontwanttoshare' }); OR var sp = new StatusPage.page({ page: 'hk277w25hzw7', ???Something else???});

Can you let me know if apiKey is present, or some other field besides 'page' ? (best not to share the value with me, this is publicly visible issue)

Based on that I can determine a path to supporting private pages.
- 2017-03-22T19:57:28+00:00
Pragya Sardana Account Deactivated reporter
Hey Eddie,

Here is the line. There is no other attribute present in that line.
```
var sp = new StatusPage.page({ page : '<PageID>' });
```
Regards

Pragya Sardana
- 2017-03-22T20:14:51+00:00
Pragya Sardana Account Deactivated reporter
Hey Eddie

I tried the following commands and it worked with OAuth
```
curl -vvv -H "Authorization: OAuth <API KEY>" https://<PageID>.statuspage.io/api/v2/summary.json
```
Regards

Pragya Sardana
- 2017-03-22T20:21:32+00:00
Eddie Webbinaro repo owner
I don;t think there is a way to support this without exposing your credentials.

The plugin uses Javascript on the client side to call statuspage servers. We can't specify any keys like that in the client JS because anyone who looked at page source would see.

To support oauth I would have to rewrite the plugin to use JIRA as a proxy to SP. So not impossible, but non-trivial.

Unfortunately I don't think I can invest effort down that road at this time, but if more folks express needs I can reconsider.
- 2017-03-22T20:36:30+00:00
Pragya Sardana Account Deactivated reporter
Thank you for looking into this.

Regards

Pragya Sardana
- 2017-03-22T20:54:00+00:00
Eddie Webbinaro repo owner
- changed status to on hold
- 2017-03-22T22:26:01+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: on hold

Votes: 1

Watchers: 4