This script was almost copied from ayush-sharma DevOps tools
- Python >= 3
- requests
- requests-oauthlib
pip install -r requirements.txt
- Go Bitbucket account settings -> OAuth -> Add Consumer
Set
- Repositories = Read
- Account = Write
- Callback URL = https://localhost
- This is a Private consumer = True
Once created take the account_id, key and secret and set the following variables in your environment:
- BB_ACCOUNT_ID
- BB_OAUTH_ID
- BB_OAUTH_SECRET
Whenever command you'll have to:
- Browse the given URL in your browser
- copy the url generated by the BB 2FA from the navigation bar and feed the script with it
Some tips on usage:
List repos
$ BB_ACCOUNT_ID=id BB_OAUTH_ID=key BB_OAUTH_SECRET=secret python bbcli.py --operation listrepos --filereport
Get group info:
$ BB_ACCOUNT_ID=id BB_OAUTH_ID=key BB_OAUTH_SECRET=secret python bbcli.py --operation groupinfo --group foode
Set all repos permission ( IMPORTANT: if no group exist in the repos it will be created ):
$ BB_ACCOUNT_ID=id BB_OAUTH_ID=key BB_OAUTH_SECRET=secret python bbcli.py --operation permissions --repoall --group foo --grant read
Set repo permission example:
$ BB_ACCOUNT_ID=id BB_OAUTH_ID=key BB_OAUTH_SECRET=secret python bbcli.py --operation permissions --group foo --repo bar --grant read
Collect backup infos for each group with
$ BB_ACCOUNT_ID=moldiscovery BB_OAUTH_ID={key} BB_OAUTH_SECRET={secret} python bbcli.py --operation groupinfo --group groupname1 --filereport
$ BB_ACCOUNT_ID=moldiscovery BB_OAUTH_ID={key} BB_OAUTH_SECRET={secret} python bbcli.py --operation groupinfo --group groupname2 --filereport
$ ..
Named report files will be created on the execution with format group_groupname_info.csv .
We're now ready to run for each users group ( few so it's not automatic ) this command:
$ BB_ACCOUNT_ID=id BB_OAUTH_ID=key BB_OAUTH_SECRET=secret python bbcli.py --operation permissions --group foo --grant read
$ BB_ACCOUNT_ID=id BB_OAUTH_ID=key BB_OAUTH_SECRET=secret python bbcli.py --operation permissions --group bar --grant read
..
At the end all groups will have raed-only access to their repos
It is possible to restore the group permissions as before the migration by issuing
$ BB_ACCOUNT_ID=moldiscovery BB_OAUTH_ID={key} BB_OAUTH_SECRET={secret} python bbcli.py --operation restoregroupsgrant --group groupname --backupfilepath pathto/group_groupname_info.csv
Due to the lack of endpoints in BB API1.0 and 2.0 it's not possibile to change user permissions over repoistories, this must be done manually or just do not give user specific permissions on repos, use groups for any user and you'll be fine