Adding bitbucket datacenter resources

.github/workflows/ci.yaml

@@ -1,5 +1,6 @@
 name: ci
-on: pull_request
+on: 
+  pull_request:
 jobs:
   go-lint:
     runs-on: ubuntu-latest
@@ -11,7 +12,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Run linters
-        uses: golangci/golangci-lint-action@v4
+        uses: golangci/golangci-lint-action@v5
         with:
           version: latest
           args: --timeout=3m
@@ -40,65 +41,62 @@ jobs:
   test:
     runs-on: ubuntu-latest
     # Define any services needed for the test suite (or delete this section)
-    # services:
-    #   postgres:
-    #     image: postgres:16
-    #     ports:
-    #       - "5432:5432"
-    #     env:
-    #       POSTGRES_PASSWORD: secretpassword
+    services:
+      postgres:
+        image: postgres:15
+        # Maps tcp port 5432 on service container to the host
+        ports:
+          - "5432:5432"
+        env:
+          POSTGRES_USER: bitbucket
+          POSTGRES_PASSWORD: ${{ secrets.DB_PASSWORD }}
+          POSTGRES_DB: bitbucket
+        # needed because the postgres container does not provide a healthcheck
+        options: >-
+          --health-cmd pg_isready 
+          --health-interval 10s 
+          --health-timeout 5s 
+          --health-retries 3
+          --health-start-period 90s
+
+      bitbucket:
+        image: atlassian/bitbucket-server:8.9.4
+        env:
+          JVM_MINIMUM_MEMORY: 2g
+          JVM_MAXIMUM_MEMORY: 4g
+          JDBC_DRIVER: org.postgresql.Driver
+          JDBC_USER: bitbucket
+          JDBC_PASSWORD: ${{ secrets.DB_PASSWORD }}
+          JDBC_URL: jdbc:postgresql://postgres:5432/bitbucket
+        ports:
+          - '7990:7990'
+        options: >-
+          --health-cmd "curl -f http://localhost:7990/"
+          --health-interval 10s 
+          --health-timeout 5s 
+          --health-retries 3
+          --health-start-period 90s
+
     env:
       BATON_LOG_LEVEL: debug
       # Add any environment variables needed to run baton-bitbucket-datacenter
-      # BATON_BASE_URL: 'http://localhost:8080'
+      BATON_BASE_URL: 'http://localhost:7990'
+      BATON_USERNAME: ${{ secrets.BATON_BITBUCKETDC_PASSWORD }}
+      BATON_PASSWORD: ${{ secrets.BATON_BITBUCKETDC_USERNAME }}
       # BATON_ACCESS_TOKEN: 'secret_token'
       # The following parameters are passed to grant/revoke commands
-      # Change these to the correct IDs for your test data
-      CONNECTOR_GRANT: 'grant:entitlement:group:1234:member:user:9876'
-      CONNECTOR_ENTITLEMENT: 'entitlement:group:1234:member'
-      CONNECTOR_PRINCIPAL: 'user:9876'
+      CONNECTOR_GRANT: 'group:local-group:ADMIN:user:62'
+      CONNECTOR_ENTITLEMENT: 'group:local-group:ADMIN'
       CONNECTOR_PRINCIPAL_TYPE: 'user'
+      CONNECTOR_PRINCIPAL: '62'
     steps:
       - name: Install Go
         uses: actions/setup-go@v4
         with:
           go-version: 1.22.x
       - name: Checkout code
         uses: actions/checkout@v4
-      # Install any dependencies here (or delete this)
-      # - name: Install postgres client
-      #   run: sudo apt install postgresql-client
-      # Run any fixture setup here (or delete this)
-      # - name: Import sql into postgres
-      #   run: psql -h localhost --user postgres -f environment.sql
-      #   env:
-      #     PGPASSWORD: secretpassword
-      - name: Build baton-bitbucket-datacenter
-        run: go build ./cmd/baton-bitbucket-datacenter
-      - name: Run baton-bitbucket-datacenter
-        run: ./baton-bitbucket-datacenter
-
       - name: Install baton
         run: ./scripts/get-baton.sh && mv baton /usr/local/bin
-
-      - name: Check for grant before revoking
-
-        run:
-          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
-
-
-      - name: Revoke grants
-        run: ./baton-bitbucket-datacenter --revoke-grant="${{ env.CONNECTOR_GRANT }}"
-
-      - name: Check grant was revoked
-        run: ./baton-bitbucket-datacenter && baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status "if .grants then .grants[]?.principal.id.resource != \"${{ env.CONNECTOR_PRINCIPAL }}\" else . end"
-
-      - name: Grant entitlement
-        # Change the grant arguments to the correct IDs for your test data
-        run: ./baton-bitbucket-datacenter --grant-entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --grant-principal="${{ env.CONNECTOR_PRINCIPAL }}" --grant-principal-type="${{ env.CONNECTOR_PRINCIPAL_TYPE }}"
-
-      - name: Check grant was re-granted
-
-        run:
-          baton grants --entitlement="${{ env.CONNECTOR_ENTITLEMENT }}" --output-format=json | jq --exit-status ".grants[].principal.id.resource == \"${{ env.CONNECTOR_PRINCIPAL }}\""
-
+      - name: Build baton-bitbucket-datacenter
+        run: go build ./cmd/baton-bitbucket-datacenter

.golangci.yml

@@ -57,22 +57,22 @@ linters-settings:
 linters:
   disable-all: true
   enable:
-    - deadcode # Finds unused code
+    # - deadcode # Finds unused code
     - errcheck # Errcheck is a program for checking for unchecked errors in go programs. These unchecked errors can be critical bugs in some cases
     - gosimple # Linter for Go source code that specializes in simplifying a code
     - govet # Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # Detects when assignments to existing variables are not used
     - staticcheck # Staticcheck is a go vet on steroids, applying a ton of static analysis checks
     - typecheck # Like the front-end of a Go compiler, parses and type-checks Go code
     - unused # Checks Go code for unused constants, variables, functions and types
-    - varcheck # Finds unused global variables and constants
+    # - varcheck # Finds unused global variables and constants
     - asasalint # Check for pass []any as any in variadic func(...any)
     - asciicheck # Simple linter to check that your code does not contain non-ASCII identifiers
     - bidichk # Checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
     - durationcheck # check for two durations multiplied together
     - errorlint # errorlint is a linter for that can be used to find code that will cause problems with the error wrapping scheme introduced in Go 1.13.
-    - execinquery # execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds
+    # - execinquery # execinquery is a linter about query string checker in Query function which reads your Go src files and warning it finds
     - exhaustive # check exhaustiveness of enum switch statements
     - exportloopref # checks for pointers to enclosing loop variables
     - forbidigo # Forbids identifiers

README.md

@@ -1,3 +1,85 @@
-# baton-bitbucket-datacenter
-Welcome to your new connector! To start out, you will want to update the dependencies.
-Do this by running `make update-deps`.
+
+# `baton-bitbucket-datacenter` [![Go Reference](https://pkg.go.dev/badge/github.com/conductorone/baton-bitbucket.svg)](https://pkg.go.dev/github.com/conductorone/baton-bitbucket) ![main ci](https://github.com/conductorone/baton-zendesk/actions/workflows/main.yaml/badge.svg)
+
+`baton-bitbucket-datacenter` is a connector for Bitbucket built using the [Baton SDK](https://github.com/conductorone/baton-sdk). It communicates with the Bitbucket User provisioning API to sync data about user groups, users, projects and their repositories.
+
+Check out [Baton](https://github.com/conductorone/baton) to learn more about the project in general.
+
+# Prerequisites
+
+To work with the connector, you can use basic authentication, with a username and password.
+
+Each one of these methods are configurable with permissions (Read, Write, Admin) to access the Bitbucket API. The permissions required for this connector are:
+- Read: `Group`, `User`, `Project`, `Repository`
+- Admin: `Project`, `Repository`
+
+# Getting Started
+
+## brew
+
+```
+brew install conductorone/baton/baton conductorone/baton/baton-bitbucket-datacenter
+BATON_BITBUCKETDC_USERNAME=bitbucketdc-username BATON_BITBUCKETDC_PASSWORD=bitbucketdc-password BATON_BITBUCKETDC_BASE_URL=bitbucketdc-baseurl baton-bitbucket-datacenter
+baton resources
+```
+
+## docker
+
+```
+docker run --rm -v $(pwd):/out -e BATON_BITBUCKETDC_USERNAME=bitbucketdc-username BATON_BITBUCKETDC_PASSWORD=bitbucketdc-password BATON_BITBUCKETDC_BASE_URL=bitbucketdc-baseurl ghcr.io/conductorone/baton-bitbucket-datacenter:latest -f "/out/sync.c1z"
+docker run --rm -v $(pwd):/out ghcr.io/conductorone/baton:latest -f "/out/sync.c1z" resources
+```
+
+## source
+
+```
+go install github.com/conductorone/baton/cmd/baton@main
+go install github.com/conductorone/baton-bitbucket-datacenter/cmd/baton-bitbucket-datacenter@main
+BATON_BITBUCKETDC_USERNAME=bitbucketdc-username BATON_BITBUCKETDC_PASSWORD=bitbucketdc-password BATON_BITBUCKETDC_BASE_URL=bitbucketdc-baseurl baton-bitbucket-datacenter
+baton resources
+```
+
+# Data Model
+
+`baton-bitbucket-datacenter` will pull down information about the following Bitbucket resources:
+
+- Groups
+- Users
+- Projects
+- Repositories
+
+# Contributing, Support and Issues
+
+We started Baton because we were tired of taking screenshots and manually building spreadsheets. We welcome contributions, and ideas, no matter how small -- our goal is to make identity and permissions sprawl less painful for everyone. If you have questions, problems, or ideas: Please open a Github Issue!
+
+See [CONTRIBUTING.md](https://github.com/ConductorOne/baton/blob/main/CONTRIBUTING.md) for more details.
+
+# `baton-bitbucket-datacenter` Command Line Usage
+
+```
+baton-bitbucket-datacenter
+
+Usage:
+  baton-bitbucket-datacenter [flags]
+  baton-bitbucket-datacenter [command]
+
+Available Commands:
+  capabilities       Get connector capabilities
+  completion         Generate the autocompletion script for the specified shell
+  help               Help about any command
+
+Flags:
+      --bitbucketdc-baseurl string    Bitbucket Data Center server. example http://localhost:7990. ($BATON_BITBUCKETDC_BASE_URL)
+      --bitbucketdc-password string   Application password used to connect to the BitBucket(dc) API. ($BATON_BITBUCKETDC_PASSWORD)
+      --bitbucketdc-username string   Username of administrator used to connect to the BitBucket(dc) API. ($BATON_BITBUCKETDC_USERNAME)
+      --client-id string              The client ID used to authenticate with ConductorOne ($BATON_CLIENT_ID)
+      --client-secret string          The client secret used to authenticate with ConductorOne ($BATON_CLIENT_SECRET)
+  -f, --file string                   The path to the c1z file to sync with ($BATON_FILE) (default "sync.c1z")
+  -h, --help                          help for baton-bitbucket-datacenter
+      --log-format string             The output format for logs: json, console ($BATON_LOG_FORMAT) (default "json")
+      --log-level string              The log level: debug, info, warn, error ($BATON_LOG_LEVEL) (default "info")
+  -p, --provisioning                  This must be set in order for provisioning actions to be enabled. ($BATON_PROVISIONING)
+  -v, --version                       version for baton-bitbucket-datacenter
+
+Use "baton-bitbucket-datacenter [command] --help" for more information about a command.
+```

baton_capabilities.json

@@ -1,12 +1,53 @@
 {
   "@type": "type.googleapis.com/c1.connector.v2.ConnectorCapabilities",
   "resourceTypeCapabilities": [
+    {
+      "resourceType": {
+        "id": "group",
+        "displayName": "Group",
+        "traits": [
+          "TRAIT_GROUP"
+        ]
+      },
+      "capabilities": [
+        "CAPABILITY_SYNC",
+        "CAPABILITY_PROVISION"
+      ]
+    },
+    {
+      "resourceType": {
+        "id": "project",
+        "displayName": "Project",
+        "traits": [
+          "TRAIT_GROUP"
+        ]
+      },
+      "capabilities": [
+        "CAPABILITY_SYNC",
+        "CAPABILITY_PROVISION"
+      ]
+    },
+    {
+      "resourceType": {
+        "id": "repository",
+        "displayName": "Repository"
+      },
+      "capabilities": [
+        "CAPABILITY_SYNC",
+        "CAPABILITY_PROVISION"
+      ]
+    },
     {
       "resourceType": {
         "id": "user",
         "displayName": "User",
         "traits": [
           "TRAIT_USER"
+        ],
+        "annotations": [
+          {
+            "@type": "type.googleapis.com/c1.connector.v2.SkipEntitlementsAndGrants"
+          }
         ]
       },
       "capabilities": [

cmd/baton-bitbucket-datacenter/config.go

@@ -2,16 +2,36 @@ package main
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/conductorone/baton-sdk/pkg/cli"
+	"github.com/spf13/cobra"
 )
 
 // config defines the external configuration required for the connector to run.
 type config struct {
-	cli.BaseConfig `mapstructure:",squash"` // Puts the base config options in the same place as the connector options
+	cli.BaseConfig    `mapstructure:",squash"` // Puts the base config options in the same place as the connector options
+	BitbucketUsername string                   `mapstructure:"bitbucketdc-username"`
+	BitbucketPassword string                   `mapstructure:"bitbucketdc-password"`
+	BitbucketBaseUrl  string                   `mapstructure:"bitbucketdc-baseurl"`
 }
 
 // validateConfig is run after the configuration is loaded, and should return an error if it isn't valid.
 func validateConfig(ctx context.Context, cfg *config) error {
+	if cfg.BitbucketBaseUrl == "" {
+		return fmt.Errorf("bitbucketdc-baseurl must be provided")
+	}
+
+	if cfg.BitbucketUsername == "" && cfg.BitbucketPassword == "" {
+		return fmt.Errorf("either bitbucketdc-username or bitbucketdc-password must be provided")
+	}
+
 	return nil
 }
+
+// cmdFlags sets the cmdFlags required for the connector.
+func cmdFlags(cmd *cobra.Command) {
+	cmd.PersistentFlags().String("bitbucketdc-username", "", "Username of administrator used to connect to the BitBucket(dc) API. ($BATON_BITBUCKETDC_USERNAME)")
+	cmd.PersistentFlags().String("bitbucketdc-password", "", "Application password used to connect to the BitBucket(dc) API. ($BATON_BITBUCKETDC_PASSWORD)")
+	cmd.PersistentFlags().String("bitbucketdc-baseurl", "", "Bitbucket Data Center server. example http://localhost:7990. ($BATON_BITBUCKETDC_BASE_URL)")
+}

cmd/baton-bitbucket-datacenter/main.go

@@ -27,6 +27,7 @@ func main() {
 	}
 
 	cmd.Version = version
+	cmdFlags(cmd)
 
 	err = cmd.Execute()
 	if err != nil {
@@ -37,8 +38,11 @@ func main() {
 
 func getConnector(ctx context.Context, cfg *config) (types.ConnectorServer, error) {
 	l := ctxzap.Extract(ctx)
-
-	cb, err := connector.New(ctx)
+	cb, err := connector.New(ctx,
+		cfg.BitbucketUsername,
+		cfg.BitbucketPassword,
+		cfg.BitbucketBaseUrl,
+	)
 	if err != nil {
 		l.Error("error creating connector", zap.Error(err))
 		return nil, err