diff --git a/internal/notifier/bitbucket.go b/internal/notifier/bitbucket.go index 05b23d722..542e3202a 100644 --- a/internal/notifier/bitbucket.go +++ b/internal/notifier/bitbucket.go @@ -69,7 +69,18 @@ func NewBitbucket(commitStatus string, addr string, token string, tlsConfig *tls owner := comp[0] repo := comp[1] - client := bitbucket.NewBasicAuth(username, password) + // Support two authentication modes depending on secret content: + // - If username == "x-token-auth" or "x-bitbucket-api-token-auth" the + // password is treated as an OAuth bearer token and we should use + // NewOAuthbearerToken. + // - Otherwise use basic auth with :. + var client *bitbucket.Client + if username == "x-token-auth" || username == "x-bitbucket-api-token-auth" { + // password in this case is the bearer token + client = bitbucket.NewOAuthbearerToken(password) + } else { + client = bitbucket.NewBasicAuth(username, password) + } if tlsConfig != nil { tr := &http.Transport{ TLSClientConfig: tlsConfig, diff --git a/internal/notifier/bitbucket_fuzz_test.go b/internal/notifier/bitbucket_fuzz_test.go index 9ccfeee79..d85fcb7ff 100644 --- a/internal/notifier/bitbucket_fuzz_test.go +++ b/internal/notifier/bitbucket_fuzz_test.go @@ -33,7 +33,11 @@ import ( func Fuzz_Bitbucket(f *testing.F) { f.Add("kustomization/gitops-system/0c9c2e41", "user:pass", "org/repo", "revision/dsa123a", "info", []byte{}, []byte(`{"state":"SUCCESSFUL","description":"","key":"","name":"","url":""}`)) + f.Add("kustomization/gitops-system/0c9c2e41", "x-token-auth:pass", "org/repo", "revision/dsa123a", "info", []byte{}, []byte(`{"state":"SUCCESSFUL","description":"","key":"","name":"","url":""}`)) + f.Add("kustomization/gitops-system/0c9c2e41", "x-bitbucket-api-token-auth:pass", "org/repo", "revision/dsa123a", "info", []byte{}, []byte(`{"state":"SUCCESSFUL","description":"","key":"","name":"","url":""}`)) f.Add("kustomization/gitops-system/0c9c2e41", "user:pass", "org/repo", "revision/dsa123a", "error", []byte{}, []byte(`{}`)) + f.Add("kustomization/gitops-system/0c9c2e41", "x-token-auth:pass", "org/repo", "revision/dsa123a", "error", []byte{}, []byte(`{}`)) + f.Add("kustomization/gitops-system/0c9c2e41", "x-bitbucket-api-token-auth", "org/repo", "revision/dsa123a", "error", []byte{}, []byte(`{}`)) f.Fuzz(func(t *testing.T, commitStatus, token, urlSuffix, revision, severity string, seed, response []byte) { ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { diff --git a/internal/notifier/bitbucket_test.go b/internal/notifier/bitbucket_test.go index a5c07e41c..18b2c7ce7 100644 --- a/internal/notifier/bitbucket_test.go +++ b/internal/notifier/bitbucket_test.go @@ -22,7 +22,7 @@ import ( . "github.com/onsi/gomega" ) -func TestNewBitbucketBasic(t *testing.T) { +func TestNewBitbucketBasicAuth(t *testing.T) { g := NewWithT(t) b, err := NewBitbucket("kustomization/gitops-system/0c9c2e41", "https://bitbucket.org/foo/bar", "foo:bar", nil) g.Expect(err).ToNot(HaveOccurred()) @@ -31,6 +31,24 @@ func TestNewBitbucketBasic(t *testing.T) { g.Expect(b.CommitStatus).To(Equal("kustomization/gitops-system/0c9c2e41")) } +func TestNewBitbucketOAuthRepositoryToken(t *testing.T) { + g := NewWithT(t) + b, err := NewBitbucket("kustomization/gitops-system/0c9c2e41", "https://bitbucket.org/foo/bar", "x-token-auth:bar", nil) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(b.Owner).To(Equal("foo")) + g.Expect(b.Repo).To(Equal("bar")) + g.Expect(b.CommitStatus).To(Equal("kustomization/gitops-system/0c9c2e41")) +} + +func TestNewBitbucketOAuthPersonalToken(t *testing.T) { + g := NewWithT(t) + b, err := NewBitbucket("kustomization/gitops-system/0c9c2e41", "https://bitbucket.org/foo/bar", "x-bitbucket-api-token-auth:bar", nil) + g.Expect(err).ToNot(HaveOccurred()) + g.Expect(b.Owner).To(Equal("foo")) + g.Expect(b.Repo).To(Equal("bar")) + g.Expect(b.CommitStatus).To(Equal("kustomization/gitops-system/0c9c2e41")) +} + func TestNewBitbucketEmptyCommitStatus(t *testing.T) { g := NewWithT(t) _, err := NewBitbucket("", "https://bitbucket.org/foo/bar", "foo:bar", nil)