Fixes #18845 (#18854)
Signed-off-by: asjervanasten <asjer94@live.com>
appiepollo14 committed Jul 10, 2024
1 parent 57baaad commit de76937
Showing 17 changed files with 1,609 additions and 812 deletions.
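--- a/applicationset/generators/pull_request.go
+++ b/applicationset/generators/pull_request.go
@@ -145,7 +145,13 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera
 }
 if generatorConfig.BitbucketServer != nil {
 providerConfig := generatorConfig.BitbucketServer
-if providerConfig.BasicAuth != nil {
+if providerConfig.BearerToken != nil {
+appToken, err := g.getSecretRef(ctx, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
+if err != nil {
+return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
+}
+return pullrequest.NewBitbucketServiceBearerToken(ctx, providerConfig.API, appToken, providerConfig.Project, providerConfig.Repo)
+} else if providerConfig.BasicAuth != nil {
 password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
 if err != nil {
 return nil, fmt.Errorf("error fetching Secret token: %w", err)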
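Review bot: The added call `pullrequest.NewBitbucketServiceBearerToken(ctx, providerConfig.API, appToken, ...)` passes the API URL and the token in the opposite order from the constructor this commit adds in applicationset/services/pull_request/bitbucket_server.go, whose signature is `(ctx, bearerToken, url, projectKey, repositorySlug string)`. Both parameters are strings, so this compiles, but the Secret value would be used as the base URL and the API URL would be sent as the bearer credential; authentication cannot succeed, and the token may surface in request error text or logs (inferred, the client code is not shown here). The call should read `return pullrequest.NewBitbucketServiceBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.Repo)`, matching the order already used at the scm_provider.go call site. selectServiceProvider starts and ends outside this hunk.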
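--- a/applicationset/generators/scm_provider.go
+++ b/applicationset/generators/scm_provider.go
@@ -166,7 +166,13 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha
 } else if providerConfig.BitbucketServer != nil {
 providerConfig := providerConfig.BitbucketServer
 var scmError error
-if providerConfig.BasicAuth != nil {
+if providerConfig.BearerToken != nil {
+appToken, err := g.getSecretRef(ctx, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace)
+if err != nil {
+return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err)
+}
+provider, scmError = scm_provider.NewBitbucketServerProviderBearerToken(ctx, appToken, providerConfig.API, providerConfig.Project, providerConfig.AllBranches)
+} else if providerConfig.BasicAuth != nil {
 password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace)
 if err != nil {
 return nil, fmt.Errorf("error fetching Secret token: %w", err)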
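Review bot: When a spec sets both `bearerToken` and `basicAuth`, the new `if providerConfig.BearerToken != nil` branch wins and the basic-auth credentials are ignored with no error or log line; the pull_request.go hunk has the same ordering. The docs added in this commit say "Either basicAuth or bearerToken", so either reject a config that sets both or state the precedence where the choice is made, for example `// bearerToken takes precedence over basicAuth when both are set`. GenerateParams starts and ends outside this hunk.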
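--- a/applicationset/services/pull_request/bitbucket_server.go
+++ b/applicationset/services/pull_request/bitbucket_server.go
@@ -33,6 +33,16 @@ func NewBitbucketServiceBasicAuth(ctx context.Context, username, password, url,
 return newBitbucketService(ctx, bitbucketConfig, projectKey, repositorySlug)
 }
 
+func NewBitbucketServiceBearerToken(ctx context.Context, bearerToken, url, projectKey, repositorySlug string) (PullRequestService, error) {
+bitbucketConfig := bitbucketv1.NewConfiguration(url)
+// Avoid the XSRF check
+bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check")
+bitbucketConfig.AddDefaultHeader("x-requested-with", "XMLHttpRequest")
+
+ctx = context.WithValue(ctx, bitbucketv1.ContextAccessToken, bearerToken)
+return newBitbucketService(ctx, bitbucketConfig, projectKey, repositorySlug)
+}
+
 func NewBitbucketServiceNoAuth(ctx context.Context, url, projectKey, repositorySlug string) (PullRequestService, error) {
 return newBitbucketService(ctx, bitbucketv1.NewConfiguration(url), projectKey, repositorySlug)
 }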
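Review bot: `NewBitbucketServiceBearerToken` is exported but has no doc comment, and its adjacent string parameters `bearerToken, url` are easy to transpose at a call site; `NewBitbucketServerProviderBearerToken` in scm_provider/bitbucket_server.go has the same gap. I would add `// NewBitbucketServiceBearerToken returns a PullRequestService that authenticates to Bitbucket Server with a bearer token; bearerToken comes before url.` The `// Avoid the XSRF check` comment would also be clearer if it said which of the two default headers it refers to.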
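--- a/applicationset/services/pull_request/bitbucket_server_test.go
+++ b/applicationset/services/pull_request/bitbucket_server_test.go
@@ -182,6 +182,23 @@ func TestListPullRequestBasicAuth(t *testing.T) {
 assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA)
 }
 
+func TestListPullRequestBearerAuth(t *testing.T) {
+ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+assert.Equal(t, "Bearer tolkien", r.Header.Get("Authorization"))
+assert.Equal(t, "no-check", r.Header.Get("X-Atlassian-Token"))
+defaultHandler(t)(w, r)
+}))
+defer ts.Close()
+svc, err := NewBitbucketServiceBearerToken(context.Background(), "tolkien", ts.URL, "PROJECT", "REPO")
+require.NoError(t, err)
+pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{})
+require.NoError(t, err)
+assert.Len(t, pullRequests, 1)
+assert.Equal(t, 101, pullRequests[0].Number)
+assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch)
+assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA)
+}
+
 func TestListResponseError(t *testing.T) {
 ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 w.WriteHeader(http.StatusInternalServerError)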
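Review bot: `assert.Len(t, pullRequests, 1)` does not stop the test, so an empty result makes the following `pullRequests[0]` accesses panic instead of reporting a clean failure; use `require.Len(t, pullRequests, 1)`. The test also calls the constructor directly with the token before the URL, so it does not exercise the generator call site in pull_request.go where those two arguments are passed. A generator-level case that configures `bearerToken` would cover that path (one may exist in the files not shown on this page).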
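--- a/applicationset/services/scm_provider/bitbucket_server.go
+++ b/applicationset/services/scm_provider/bitbucket_server.go
@@ -33,6 +33,16 @@ func NewBitbucketServerProviderBasicAuth(ctx context.Context, username, password
 return newBitbucketServerProvider(ctx, bitbucketConfig, projectKey, allBranches)
 }
 
+func NewBitbucketServerProviderBearerToken(ctx context.Context, bearerToken, url, projectKey string, allBranches bool) (*BitbucketServerProvider, error) {
+bitbucketConfig := bitbucketv1.NewConfiguration(url)
+// Avoid the XSRF check
+bitbucketConfig.AddDefaultHeader("x-atlassian-token", "no-check")
+bitbucketConfig.AddDefaultHeader("x-requested-with", "XMLHttpRequest")
+
+ctx = context.WithValue(ctx, bitbucketv1.ContextAccessToken, bearerToken)
+return newBitbucketServerProvider(ctx, bitbucketConfig, projectKey, allBranches)
+}
+
 func NewBitbucketServerProviderNoAuth(ctx context.Context, url, projectKey string, allBranches bool) (*BitbucketServerProvider, error) {
 return newBitbucketServerProvider(ctx, bitbucketv1.NewConfiguration(url), projectKey, allBranches)
 }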
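Review bot: Nothing in `NewBitbucketServerProviderBearerToken` looks at the scheme of `url` before the token is attached with `context.WithValue(ctx, bitbucketv1.ContextAccessToken, bearerToken)`, so an `http://` API value would presumably send the bearer token unencrypted (the request path inside `newBitbucketServerProvider` is not visible here); the pull_request constructor is written the same way. A hard reject would break the httptest-based tests in this commit, so at minimum I would document the expectation on the function: `// bearerToken is sent with every request to url; configure an https API URL outside of tests.`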
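--- a/applicationset/services/scm_provider/bitbucket_server_test.go
+++ b/applicationset/services/scm_provider/bitbucket_server_test.go
@@ -423,6 +423,19 @@ func TestListReposBasicAuth(t *testing.T) {
 verifyDefaultRepo(t, err, repos)
 }
 
+func TestListReposBearerAuth(t *testing.T) {
+ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+assert.Equal(t, "Bearer tolkien", r.Header.Get("Authorization"))
+assert.Equal(t, "no-check", r.Header.Get("X-Atlassian-Token"))
+defaultHandler(t)(w, r)
+}))
+defer ts.Close()
+provider, err := NewBitbucketServerProviderBearerToken(context.Background(), "tolkien", ts.URL, "PROJECT", true)
+require.NoError(t, err)
+repos, err := provider.ListRepos(context.Background(), "ssh")
+verifyDefaultRepo(t, err, repos)
+}
+
 func TestListReposDefaultBranch(t *testing.T) {
 ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 assert.Empty(t, r.Header.Get("Authorization"))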
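--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -6881,6 +6881,15 @@
 }
 }
 },
+"v1alpha1BearerTokenBitbucket": {
+"description": "BearerTokenBitbucket defines the Bearer token for BitBucket AppToken auth.",
+"type": "object",
+"properties": {
+"tokenRef": {
+"$ref": "#/definitions/v1alpha1SecretRef"
+}
+}
+},
 "v1alpha1BearerTokenBitbucketCloud": {
 "description": "BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth.",
 "type": "object",
@@ -7967,6 +7976,9 @@
 "basicAuth": {
 "$ref": "#/definitions/v1alpha1BasicAuthBitbucketServer"
 },
+"bearerToken": {
+"$ref": "#/definitions/v1alpha1BearerTokenBitbucket"
+},
 "project": {
 "description": "Project to scan. Required.",
 "type": "string"
@@ -8874,6 +8886,9 @@
 "basicAuth": {
 "$ref": "#/definitions/v1alpha1BasicAuthBitbucketServer"
 },
+"bearerToken": {
+"$ref": "#/definitions/v1alpha1BearerTokenBitbucket"
+},
 "project": {
 "description": "Project to scan. Required.",
 "type": "string"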
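--- a/docs/operator-manual/applicationset/Generators-Pull-Request.md
+++ b/docs/operator-manual/applicationset/Generators-Pull-Request.md
@@ -170,14 +170,22 @@ spec:
 repo: myrepository
 # URL of the Bitbucket Server. Required.
 api: https://mycompany.bitbucket.org
-# Credentials for Basic authentication. Required for private repositories.
+# Credentials for Basic authentication (App Password). Either basicAuth or bearerToken
+# authentication is required to access private repositories
 basicAuth:
 # The username to authenticate with
 username: myuser
 # Reference to a Secret containing the password or personal access token.
 passwordRef:
 secretName: mypassword
 key: password
+# Credentials for Bearer Token (App Token) authentication. Either basicAuth or bearerToken
+# authentication is required to access private repositories
+bearerToken:
+# Reference to a Secret containing the bearer token.
+tokenRef:
+secretName: repotoken
+key: token
 # Labels are not supported by Bitbucket Server, so filtering by label is not possible.
 # Filter PRs using the source branch name. (optional)
 filters:
@@ -195,6 +203,9 @@ If you want to access a private repository, you must also provide the credential
 * `username`: The username to authenticate with. It only needs read access to the relevant repo.
 * `passwordRef`: A `Secret` name and key containing the password or personal access token to use for requests.
 
+In case of Bitbucket App Token, go with `bearerToken` section.
+* `tokenRef`: A `Secret` name and key containing the app token to use for requests.
+
 ## Bitbucket Cloud
 
 Fetch pull requests from a repo hosted on a Bitbucket Cloud.
@@ -228,6 +239,7 @@ spec:
 # Credentials for Bearer Token (App Token) authentication. Either basicAuth or bearerToken
 # authentication is required to access private repositories
 bearerToken:
+# Reference to a Secret containing the bearer token.
 tokenRef:
 secretName: repotoken
 key: token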
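--- a/docs/operator-manual/applicationset/Generators-SCM-Provider.md
+++ b/docs/operator-manual/applicationset/Generators-SCM-Provider.md
@@ -178,14 +178,22 @@ spec:
 api: https://mycompany.bitbucket.org
 # If true, scan every branch of every repository. If false, scan only the default branch. Defaults to false.
 allBranches: true
-# Credentials for Basic authentication. Required for private repositories.
+# Credentials for Basic authentication (App Password). Either basicAuth or bearerToken
+# authentication is required to access private repositories
 basicAuth:
 # The username to authenticate with
 username: myuser
 # Reference to a Secret containing the password or personal access token.
 passwordRef:
 secretName: mypassword
 key: password
+# Credentials for Bearer Token (App Token) authentication. Either basicAuth or bearerToken
+# authentication is required to access private repositories
+bearerToken:
+# Reference to a Secret containing the bearer token.
+tokenRef:
+secretName: repotoken
+key: token
 # Support for filtering by labels is TODO. Bitbucket server labels are not supported for PRs, but they are for repos
 template:
 # ...
@@ -199,6 +207,9 @@ If you want to access a private repository, you must also provide the credential
 * `username`: The username to authenticate with. It only needs read access to the relevant repo.
 * `passwordRef`: A `Secret` name and key containing the password or personal access token to use for requests.
 
+In case of Bitbucket App Token, go with `bearerToken` section.
+* `tokenRef`: A `Secret` name and key containing the app token to use for requests.
+
 Available clone protocols are `ssh` and `https`.
 
 ## Azure DevOps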
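--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -10437,6 +10437,21 @@ spec:
 - passwordRef
 - username
 type: object
+bearerToken:
+properties:
+tokenRef:
+properties:
+key:
+type: string
+secretName:
+type: string
+required:
+- key
+- secretName
+type: object
+required:
+- tokenRef
+type: object
 project:
 type: string
 repo:
@@ -11192,6 +11207,21 @@ spec:
 - passwordRef
 - username
 type: object
+bearerToken:
+properties:
+tokenRef:
+properties:
+key:
+type: string
+secretName:
+type: string
+required:
+- key
+- secretName
+type: object
+required:
+- tokenRef
+type: object
 project:
 type: string
 required:
@@ -15497,6 +15527,21 @@ spec:
 - passwordRef
 - username
 type: object
+bearerToken:
+properties:
+tokenRef:
+properties:
+key:
+type: string
+secretName:
+type: string
+required:
+- key
+- secretName
+type: object
+required:
+- tokenRef
+type: object
 project:
 type: string
 repo:
@@ -16252,6 +16297,21 @@ spec:
 - passwordRef
 - username
 type: object
+bearerToken:
+properties:
+tokenRef:
+properties:
+key:
+type: string
+secretName:
+type: string
+required:
+- key
+- secretName
+type: object
+required:
+- tokenRef
+type: object
 project:
 type: string
 required:
@@ -18198,6 +18258,21 @@ spec:
 - passwordRef
 - username
 type: object
+bearerToken:
+properties:
+tokenRef:
+properties:
+key:
+type: string
+secretName:
+type: string
+required:
+- key
+- secretName
+type: object
+required:
+- tokenRef
+type: object
 project:
 type: string
 repo:
@@ -18953,6 +19028,21 @@ spec:
 - passwordRef
 - username
 type: object
+bearerToken:
+properties:
+tokenRef:
+properties:
+key:
+type: string
+secretName:
+type: string
+required:
+- key
+- secretName
+type: object
+required:
+- tokenRef
+type: object
 project:
 type: string
 required: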