mibexsoftware / sonar-bitbucket-plugin

SonarQube plug-in to create pull request comments for found issues in Bitbucket Cloud

BitBucket Team account API Key is deprecated #48

Closed sudr closed 7 years ago

sudr commented 7 years ago

The current documentation for this plugin refers to BitBucket API Key for team accounts. Atlassian has deprecated this feature:

https://community.atlassian.com/t5/Bitbucket-questions/Team-API-Key/qaq-p/302764

I believe the documentation needs to be updated to use the new "User account" API key for this use case.

mrueegg commented 7 years ago

Hi @sudr,

Thanks, you're right! I'll update the documentation and report back here.

auras commented 7 years ago

Any update? How do I configure the plugin with the new bitbucket?

mrueegg commented 7 years ago

@auras While the Team API seems to be deprecated, I'm still able to analyze my pull requests with the team API key:

-Dsonar.bitbucket.teamName=XXX -Dsonar.bitbucket.apiKey=XXX

Do you get any errors?

auras commented 7 years ago

You can't generate team api keys anymore 😞

mrueegg commented 7 years ago

I see. Looking at https://blog.bitbucket.org/2016/06/06/app-passwords-bitbucket-cloud/, theoretically (because both team API keys as well as app passwords use basic authentication) it should be possible to reuse the existing parameters when using app passwords:

-Dsonar.bitbucket.teamName=USER_NAME -Dsonar.bitbucket.apiKey=APP_PASSWORD

Could you please try with this?

auras commented 7 years ago

Wow, if you had just said that teamName can be the username and apiKey can be the password, that would have saved a lot of time :) Thanks

mrueegg commented 7 years ago

You're welcome :-) I'm not sure if this will work, but it is definitely worth a try...

racetiger commented 7 years ago

@mrueegg, I tried your solution: -Dsonar.bitbucket.teamName=USER_NAME -Dsonar.bitbucket.apiKey=APP_PASSWORD

Everything went well until the plugin tried to execute ch.mibex.bitbucket.sonar.client.BitbucketClient.getPullRequestDiff

ERROR: Error during SonarQube Scanner execution
com.sun.jersey.api.client.UniformInterfaceException: GET https://bitbucket.org/!api/2.0/repositories/accountName/repoSlug/diff/accountName/repoSlug:beddc32cab01%0Dcf1d3f89b1ac?context=0 returned a response status of 401 Unauthorized
    at com.sun.jersey.api.client.WebResource.handle(WebResource.java:686)
    at com.sun.jersey.api.client.WebResource.get(WebResource.java:191)
    at ch.mibex.bitbucket.sonar.client.BitbucketClient.getPullRequestDiff(BitbucketClient.scala:187)
    at ch.mibex.bitbucket.sonar.diff.IssuesOnChangedLinesFilter.filter(IssuesOnChangedLinesFilter.scala:15)
    at ch.mibex.bitbucket.sonar.review.ReviewCommentsCreator.processIssues(ReviewCommentsCreator.scala:87)
    at ch.mibex.bitbucket.sonar.review.ReviewCommentsCreator.createOrUpdateComments(ReviewCommentsCreator.scala:28)
    at ch.mibex.bitbucket.sonar.review.SonarReviewPostJob.ch$mibex$bitbucket$sonar$review$SonarReviewPostJob$$handlePullRequest(SonarReviewPostJob.scala:44)
    at ch.mibex.bitbucket.sonar.review.SonarReviewPostJob$$anonfun$execute$1.apply(SonarReviewPostJob.scala:27)
    at ch.mibex.bitbucket.sonar.review.SonarReviewPostJob$$anonfun$execute$1.apply(SonarReviewPostJob.scala:25)

It looks like the app password does not give sufficient privilege for this API call?

Calls to https://bitbucket.org/api/2.0/user and https://bitbucket.org/api/2.0/repositories/xxx/xxx/pullrequests were successful with the very same basic auth.

I double-checked that my app password has RW permission to Pull requests and Repositories.

Do you have any idea why it could be failing there?

racetiger commented 7 years ago

@mrueegg It looks like there is an issue with the diff endpoint used by the plugin, as exposed in Bitbucket issue #13909

Using api.bitbucket.org instead of bitbucket.org/api would solve the problem. I tested it with curl and the same call passes:

https://api.bitbucket.org/2.0/repositories/accountName/repoSlug/diff/accountName/repoSlug:beddc32cab01%0Dcf1d3f89b1ac?context=0

returns

< HTTP/1.1 200 OK
< Server: nginx
< Vary: Authorization
< Content-Type: text/plain
< X-OAuth-Scopes: pullrequest:write, account
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< Date: Wed, 19 Jul 2017 15:55:00 GMT
< X-Served-By: app-139
< ETag: "427d9d89c2205766f671a0b693f21c09"
< X-Static-Version: 9da15c3fb791
< X-Content-Type-Options: nosniff
< X-Accepted-OAuth-Scopes: repository
< X-Credential-Type: apppassword
< X-Render-Time: 1.37987804413
< Connection: keep-alive
< X-Request-Count: 182
< X-Frame-Options: SAMEORIGIN
< X-Version: 9cb15c3fb791
< Content-Length: 496
< 
diff --git ...
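
An added example, not part of the original thread or of the plugin's code: a Python check that reads the `X-OAuth-Scopes`, `X-Accepted-OAuth-Scopes` and `X-Credential-Type` headers quoted above and separates "the credential lacks a scope" from "the scopes are sufficient, so look at the endpoint". The scope-implication table is an assumption based on Bitbucket Cloud's scope documentation, treating the accepted-scopes header as a list of required scopes is also an assumption, and the header dump is a constructed sample copied from the comment.

```python
# Constructed sample: response headers copied from the comment above.
SAMPLE = """\
< HTTP/1.1 200 OK
< X-OAuth-Scopes: pullrequest:write, account
< X-Accepted-OAuth-Scopes: repository
< X-Credential-Type: apppassword
"""
# Assumption: scope implications per Bitbucket Cloud's scope documentation.
IMPLIES = {"pullrequest:write": {"pullrequest", "repository:write"},
           "pullrequest": {"repository"}, "repository:write": {"repository"}}

def parse_headers(raw):
    """Return (status, {lowercased name: value}) from a curl -v style dump."""
    status, headers = None, {}
    for line in raw.splitlines():
        line = line.lstrip("< ").strip()  # drop curl's "< " response prefix
        if line.startswith("HTTP/"):
            status = int(line.split()[1])
        elif ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def expand(value):
    """Split a scope header value and add every scope it implies."""
    todo, seen = [s.strip() for s in value.split(",") if s.strip()], set()
    while todo:
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            todo.extend(IMPLIES.get(s, ()))
    return seen

def diagnose(raw):
    status, h = parse_headers(raw)
    out = {"status": status, "credential": h.get("x-credential-type"), "missing": []}
    if "x-oauth-scopes" not in h:  # e.g. a 401 where authentication never succeeded
        out["verdict"] = "credential not recognised: no granted scopes reported"
        return out
    required = {s.strip() for s in h.get("x-accepted-oauth-scopes", "").split(",") if s.strip()}
    out["missing"] = sorted(required - expand(h["x-oauth-scopes"]))
    if out["missing"]:
        out["verdict"] = "credential lacks required scope"
    elif status in (401, 403):
        out["verdict"] = "scopes sufficient: check endpoint host and auth handling"
    else:
        out["verdict"] = "ok"
    return out
```

Calling `diagnose(SAMPLE)` reports no missing scope for the app password, because `pullrequest:write` implies `repository` under the assumed table.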

racetiger commented 7 years ago

@mrueegg I did not see the PR #53 ... I confirm it would solve this issue.

mrueegg commented 7 years ago

I've just merged PR #53 which resolves this problem and also updated the documentation accordingly. Thanks all for bringing this up and the PR contribution! I'll create a new release including this bug fix now.