Bitbucket Server

This integration is provided as an Open Authorization API (OAA) connector package. Contact our support team for more information.

Bitbucket Server Connector

OAA Connector for self-managed Bitbucket Server deployments

Overview

This connector uses the Bitbucket REST API to retrieve information on user access to repositories in a Bitbucket Server. The connector discovers all users, along with the server and its projects and repositories.

Veza OAA Generic Application Mappings

This connector uses the OAA Application template for modeling identities to permissions.

| Bitbucket Cloud | OAA Application | Notes |
|---|---|---|
| Workspace | Application | |
| User | Local User | |
| Project | Resource, type Project | |
| Repository | Subresource, Repo | Repositories are sub-resources of their Project |

Bitbucket Global Permissions

Bitbucket Server supports assigning Global Permissions to Users and Groups to perform certain actions at the system level, including user administration, project creation and general settings management. To retrieve these permissions, the connector must use basic username/password authentication, since Bitbucket access tokens cannot be configured to grant access to the admin API. The connector can run without discovering global permissions, but discovery will be limited.

Setup

Bitbucket Server

Option #1 - Username and password for Global Permissions discovery

  • Create a new user with admin permissions that can authenticate without two-factor authentication

Option #2 - Token based

  • For a user with admin permission, generate a personal access token

    • Under Project Permissions select Project Admin. This permission is required to collect user and group authorization on projects and repositories

Veza API Key

  1. Generate an API key for your Veza user. API keys can be managed in the Veza interface under Administration -> API Keys. For detailed instructions consult the Veza User Guide.

Running the Connector

Command Line

  1. With Python 3.8 or higher, install the requirements to a virtual environment, the user or the system.

    pip3 install -r requirements.txt

  2. Set the Veza API key and Bitbucket authorization environment variables. All other parameters can either be passed as environment variables or command line arguments.

    export VEZA_API_KEY=<Veza API key>
    export BITBUCKET_TOKEN=<Bitbucket Personal Access Token>

    or

    export VEZA_API_KEY=<Veza API key>
    export BITBUCKET_TOKEN=<User password>
    export BITBUCKET_USER=<Bitbucket username>

    Note: for Windows environments, use the set command instead of export, and do not include quotation marks around the parameter values.

  3. Run the connector:

     ./oaa_bitbucket.py --bitbucket-url https://bitbucket.example.com \
     --veza-url https://<instance>.vezacloud.com

Application Parameters & Environment Variables

| Parameter | Environment Variable | Required | Notes |
|---|---|---|---|
| --bitbucket-url | BITBUCKET_URL | Yes | Name of Bitbucket workspace |
| n/a | BITBUCKET_TOKEN | Yes | User personal access token or password when used with BITBUCKET_USER |
| n/a | BITBUCKET_USER | No | Username for basic authentication |
| --veza-url | VEZA_URL | Yes | URL of Veza instance |
| n/a | VEZA_API_KEY | Yes | Veza API key |
| --save-json | n/a | No | Save the OAA JSON to file before upload |
| --debug | OAA_DEBUG | No | Enable OAA debug, for environment variable set to any value |
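
The following pre-flight check is an added example, not part of the connector package: it reads the variables from the table above, reports which Bitbucket authentication mode they select and whether Global Permissions discovery is possible in that mode, and flags non-HTTPS URLs. It assumes every value is supplied as an environment variable rather than a command line argument, and that a personal access token is sent as a Bearer header, which is how Bitbucket Server accepts them; the function names are hypothetical.

```python
import base64
import os
from urllib.parse import urlsplit

# Variables the parameter table marks as required (assumed to be set in the environment).
REQUIRED = ("BITBUCKET_URL", "BITBUCKET_TOKEN", "VEZA_URL", "VEZA_API_KEY")


def preflight(env):
    """Return (auth_mode, global_permissions_possible, problems) for an environment mapping."""
    problems = [f"{name} is not set" for name in REQUIRED if not env.get(name)]

    for name in ("BITBUCKET_URL", "VEZA_URL"):
        url = env.get(name)
        if url and urlsplit(url).scheme != "https":
            # The Bitbucket credential and the Veza API key both travel in request headers.
            problems.append(f"{name} is not https; credentials would be sent in cleartext")

    # Per the page: with BITBUCKET_USER set, BITBUCKET_TOKEN is a password (basic auth);
    # without it, BITBUCKET_TOKEN is a personal access token, which cannot reach the admin API.
    basic = bool(env.get("BITBUCKET_USER"))
    return ("basic" if basic else "token"), basic, problems


def bitbucket_auth_header(env):
    """Build the Authorization header for the selected mode (hypothetical helper)."""
    secret = env["BITBUCKET_TOKEN"]
    user = env.get("BITBUCKET_USER")
    if user:
        raw = f"{user}:{secret}".encode("utf-8")
        return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}
    return {"Authorization": "Bearer " + secret}


if __name__ == "__main__":
    mode, global_perms, problems = preflight(os.environ)
    print(f"Bitbucket auth mode: {mode}")
    print(f"Global Permissions discovery: {'yes' if global_perms else 'no (token mode)'}")
    for problem in problems:
        print(f"problem: {problem}")
    raise SystemExit(1 if problems else 0)
```

Run it in the same shell session as the connector, after the export step; a non-zero exit status means at least one problem was reported.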
