Bitbucket Server
This integration is provided as an Open Authorization API (OAA) connector package. Contact our support team for more information.
Bitbucket Server Connector
OAA Connector for self-managed Bitbucket Server deployments
Overview
This connector uses the Bitbucket REST API to retrieve information on user access to repositories in a Bitbucket Server. The connector will discover all users and the server, projects and repositories.
Veza OAA Generic Application Mappings
This connector uses the OAA Application template for modeling identities to permissions.
Bitbucket Cloud | OAA Application | Notes |
---|---|---|
Workspace | Application | |
User | Local User | |
Project | Resource, type | |
Repository | Subresource, | Repositories are sub-resources of their Project |
Bitbucket Global Permissions
Bitbucket Server supports the concept of assigning Users and Groups Global Permissions to perform certain actions at the system level including user administration, project creation and general settings management. To retrieve these permissions the connector must use basic username/password authentication since Bitbucket access tokens cannot be configured to grant access to the admin API. The connector can run without discovering global permissions but discovery will be limited.
Setup
Bitbucket Server
Option #1 - Username and password for Global Permissions discovery
Create a new user with admin permissions that can authenticate without two-factor authentication
Option #2 - Token based
For a user with admin permission generate a personal access token
Under Project Permissions select Project Admin, permission is required to collect user and group authorization on projects and repositories
Veza API Key
Generate an API key for your Veza user. API keys can be managed in the Veza interface under Administration -> API Keys. For detailed instructions consult the Veza User Guide.
Running the Connector
Command Line
With Python 3.8 or higher install the requirements either to a virtual environment, user or system.
Set the Veza API key and Bitbucket authorization environment variables. All other parameters can either be passed as environment variables or command line arguments.
or
Note: for Windows environments, use the
set
command instead ofexport
and do not include quotation marks around the parameter valuesRun the connector:
Application Parameters & Environment Variabls
Parameter | Environment Variable | Required | Notes |
---|---|---|---|
|
| Yes | Name of Bitbucket workspace |
n/a |
| Yes | User personal access token or password when used with |
n/a |
| No | Username for basic authentication |
|
| Yes | URL of Veza instance |
n/a |
| Yes | Veza API key |
| n/a | No | Save the OAA JSON to file before upload |
|
| No | Enable OAA debug, for environment variable set to any value |
Last updated