ENG-2539: Add jira_ticket connection type with singleton enforcement

[eastandwestwind]

Summary

https://ethyca.atlassian.net/browse/ENG-2539

• Adds jira_ticket to the ConnectionType enum with human-readable name and system type mappings
• Adds jira_ticket to the ManualTaskType enum
• Creates JiraTicketSchema secrets schema for OAuth token storage (populated by OAuth callback flow)
• Registers the schema in the secrets_schemas mapping
• Enforces singleton constraint: only one jira_ticket connection allowed per deployment
• Includes Alembic migration to add the new enum value to the connectiontype PostgreSQL type

Code Changes

• src/fides/api/models/connectionconfig.py — Added jira_ticket enum value + human_readable and system_type mappings
• src/fides/api/models/manual_task/manual_task.py — Added jira_ticket to ManualTaskType
• src/fides/api/schemas/connection_configuration/connection_secrets_jira_ticket.py (new) — JiraTicketSchema with optional OAuth fields
• src/fides/api/schemas/connection_configuration/__init__.py — Import and register JiraTicketSchema
• src/fides/service/connection/connection_service.py — Singleton enforcement via _singleton_connection_types set
• src/fides/api/alembic/migrations/versions/xx_2026_02_13_..._add_jira_ticket_to_connectiontype.py (new) — Alembic migration
• tests/service/test_jira_ticket_connection.py (new) — Tests for enum, schema, and singleton
• changelog/ENG-2539-jira-ticket-connection-type.yaml (new) — Changelog entry

Steps to Confirm

1. Verify jira_ticket connection can be created via the existing PATCH /connection endpoint
2. Verify secrets are validated against JiraTicketSchema
3. Verify creating a second jira_ticket connection raises a ValidationError
4. Verify updating an existing jira_ticket connection still works
5. Run tests/service/test_jira_ticket_connection.py

Made with Cursor

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
fides-plus-nightly	Ignored	Preview	Feb 13, 2026 1:57pm
fides-privacy-center	Ignored		Feb 13, 2026 1:57pm

[greptile-apps]

Greptile Overview

Greptile Summary

Adds jira_ticket connection type to enable Jira integration for DSR workflows, with OAuth-based authentication and singleton enforcement to ensure only one Jira connection per deployment.

Changes:

• Added jira_ticket to ConnectionType enum with human-readable name "Jira Ticket" and SystemType.manual
• Added jira_ticket to ManualTaskType enum
• Created JiraTicketSchema with optional OAuth fields (access_token, refresh_token, token_expiry, cloud_id, site_url) that are populated by the OAuth callback flow
• Implemented singleton constraint via _singleton_connection_types set in ConnectionService to prevent multiple Jira connections
• Included Alembic migration to add jira_ticket to the PostgreSQL connectiontype enum
• Added comprehensive test coverage for enum values, schema validation, and singleton enforcement

Issues found:

• Missing JiraTicketDocsSchema in the connection_secrets_schemas Union type (line 235 in __init__.py)
• Unclear if jira_ticket connections should automatically create a ManualTask like manual_task connections do

Confidence Score: 4/5

• Safe to merge after fixing the missing DocsSchema in the Union type
• The implementation is solid with proper enum additions, schema validation, singleton enforcement, database migration, and test coverage. However, there's a missing JiraTicketDocsSchema entry in the Union type that will cause API documentation to be incomplete. Additionally, it's unclear whether automatic ManualTask creation is intentionally omitted or an oversight.
• src/fides/api/schemas/connection_configuration/init.py requires the Union type fix

Important Files Changed

Filename	Overview
src/fides/api/schemas/connection_configuration/connection_secrets_jira_ticket.py	JiraTicketSchema properly defined with optional OAuth fields for progressive population
src/fides/api/schemas/connection_configuration/init.py	Missing JiraTicketDocsSchema in connection_secrets_schemas Union type
src/fides/service/connection/connection_service.py	Singleton enforcement properly implemented; missing automatic ManualTask creation for jira_ticket connections

_{Last reviewed commit: 416eb61}

[greptile-apps]

_{8 files reviewed, 2 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

Additional Comments (2)

src/fides/api/schemas/connection_configuration/__init__.py
JiraTicketDocsSchema is missing from the connection_secrets_schemas Union type

The Union type is used for API documentation. All other connection types include their DocsSchema variant here.

connection_secrets_schemas = Union[
    BigQueryDocsSchema,
    DatahubDocsSchema,
    DynamicErasureEmailDocsSchema,
    DynamoDBDocsSchema,
    EmailDocsSchema,
    FidesDocsSchema,
    GoogleCloudSQLMySQLDocsSchema,
    GoogleCloudSQLPostgresDocsSchema,
    JiraTicketDocsSchema,
    ManualWebhookDocsSchema,
    MariaDBDocsSchema,
    MongoDBDocsSchema,
    MSSQLDocsSchema,
    MySQLDocsSchema,
    OktaDocsSchema,
    PostgreSQLDocsSchema,
    RDSMySQLDocsSchema,
    RDSPostgresDocsSchema,
    RedshiftDocsSchema,
    S3DocsSchema,
    SaaSSchema,
    ScyllaDocsSchema,
    SnowflakeDocsSchema,
    SovrnDocsSchema,
    TimescaleDocsSchema,
    WebsiteSchema,
]

---

src/fides/service/connection/connection_service.py
Check if jira_ticket connections should also automatically create a ManualTask

The manual_task connection type automatically creates a ManualTask with task_type=privacy_request. Since jira_ticket is also a manual integration type that creates tasks, verify if it should follow the same pattern with task_type=jira_ticket.

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}