feat(#10): Support http-access-tokens for authentication

2026-03-27 03:41:06 +01:00 · 2024-02-07 23:26:35 +01:00
parent 8f9c46f7d7
commit 5c82693906
4 changed files with 47 additions and 32 deletions
--- a/bitbucket/provider.go
+++ b/bitbucket/provider.go
@@ -18,24 +18,31 @@ func Provider() *schema.Provider {
 	return &schema.Provider{
 		Schema: map[string]*schema.Schema{
 			"server": {
-				Required:    true,
+				Optional:    true,
 				Type:        schema.TypeString,
 				DefaultFunc: schema.EnvDefaultFunc("BITBUCKET_SERVER", nil),
 				Description: "The url of your bitbucket instance. For the docker compose instance this is http://localhost:7990",
 			},
 			"username": {
-				Required:    true,
+				Optional:    true,
 				Type:        schema.TypeString,
 				DefaultFunc: schema.EnvDefaultFunc("BITBUCKET_USERNAME", nil),
 				Description: "The username for authentication. If you're using a personal access token use your normal username.",
 			},
 			"password": {
 				Type:        schema.TypeString,
-				Required:    true,
+				Optional:    true,
 				Sensitive:   true,
 				DefaultFunc: schema.EnvDefaultFunc("BITBUCKET_PASSWORD", nil),
 				Description: "the password for authentication. Personal access tokens are allowed, but http access token aren't yet",
 			},
+			"token": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Sensitive:   true,
+				DefaultFunc: schema.EnvDefaultFunc("BITBUCKET_TOKEN", nil),
+				Description: "Token as alternative to the Password. Only use for repository access tokens. Personal access tokens can use the normal basic authentication",
+			},
 		},
 		ConfigureContextFunc: providerConfigure,
 		DataSourcesMap: map[string]*schema.Resource{
@@ -91,6 +98,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}

 	username := d.Get("username").(string)
 	password := d.Get("password").(string)
+	token := d.Get("token").(string)

 	configErrors := diag.Diagnostics{}

@@ -102,7 +110,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 				Detail:        "server is required and must be provided in the provider config or the BITBUCKET_SERVER environment variable",
 			})
 	}
-	if username == "" {
+	if username == "" && token == "" {
 		configErrors = append(configErrors,
 			diag.Diagnostic{

@@ -111,7 +119,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 				Detail:        "username is required and must be provided in the provider config or the BITBUCKET_USERNAME environment variable",
 			})
 	}
-	if password == "" {
+	if password == "" && token == "" {
 		configErrors = append(configErrors,
 			diag.Diagnostic{
 				Severity:      diag.Error,
@@ -128,6 +136,7 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 		Server:     serverSanitized,
 		Username:   username,
 		Password:   password,
+		Token:      token,
 		HTTPClient: &http.Client{},
 	}

--- a/bitbucket/provider_framework.go
+++ b/bitbucket/provider_framework.go
@@ -34,6 +34,7 @@ type BitbucketServerProviderModel struct {
 	Server   types.String `tfsdk:"server"`
 	Username types.String `tfsdk:"username"`
 	Password types.String `tfsdk:"password"`
+	Token    types.String `tfsdk:"token"`
 }

 func (p *BitbucketServerProviderFramework) Resources(_ context.Context) []func() resource.Resource {
@@ -71,6 +72,11 @@ func (p *BitbucketServerProviderFramework) Schema(_ context.Context, _ provider.
 				Description: "the password for authentication. Personal access tokens are allowed, but http access token aren't yet",
 				Sensitive:   true,
 			},
+			"token": schema.StringAttribute{
+				Optional:    true,
+				Description: "Token as alternative to the Password. Only use for repository access tokens. Personal access tokens can use the normal basic authentication",
+				Sensitive:   true,
+			},
 		},
 	}
 }
@@ -101,11 +107,16 @@ func (p *BitbucketServerProviderFramework) Configure(ctx context.Context, req pr
 		)
 	}

+	token := os.Getenv("BITBUCKET_TOKEN")
+	if data.Token.ValueString() != "" {
+		token = data.Token.ValueString()
+	}
+
 	username := os.Getenv("BITBUCKET_USERNAME")
 	if data.Username.ValueString() != "" {
 		username = data.Username.ValueString()
 	}
-	if username == "" {
+	if username == "" && token == "" {
 		resp.Diagnostics.AddError(
 			"username is required",
 			"username is required and must be provided in the provider config or the BITBUCKET_USERNAME environment variable",
@@ -116,7 +127,7 @@ func (p *BitbucketServerProviderFramework) Configure(ctx context.Context, req pr
 	if data.Password.ValueString() != "" {
 		password = data.Password.ValueString()
 	}
-	if password == "" {
+	if password == "" && token == "" {
 		resp.Diagnostics.AddError(
 			"password is required",
 			"password is required and must be provided in the provider config or the BITBUCKET_PASSWORD environment variable",
@@ -127,6 +138,7 @@ func (p *BitbucketServerProviderFramework) Configure(ctx context.Context, req pr
 		Server:     server,
 		Username:   username,
 		Password:   password,
+		Token:      token,
 		HTTPClient: &http.Client{},
 	}

--- a/bitbucket/util/client/client.go
+++ b/bitbucket/util/client/client.go
@@ -40,6 +40,7 @@ type BitbucketClient struct {
 	Server     string
 	Username   string
 	Password   string
+	Token      string
 	HTTPClient *http.Client
 }

@@ -60,7 +61,11 @@ func (c *BitbucketClient) Do(method, endpoint string, payload *bytes.Buffer, con
 		return nil, err
 	}

-	req.SetBasicAuth(c.Username, c.Password)
+	if c.Password != "" {
+		req.SetBasicAuth(c.Username, c.Password)
+	} else {
+		req.Header.Add("Authorization", "Bearer "+c.Token)
+	}
 	req.Header.Add("X-Atlassian-Token", "no-check")

 	if payload != nil {