Skip to content

Latest commit

 

History

History
152 lines (125 loc) · 8.56 KB

CONFIGURE_BITBUCKET_INTEGRATION.md

File metadata and controls

152 lines (125 loc) · 8.56 KB
Raw

Configure BitBucket Server (Stash) Integration

This integration is for Atlassian BitBucket Server (a.k.a. Stash), not for bitbucket.org, which is the online SaaS version.

We also have a quick video tutorial demonstrate the following step in here.

Prerequisites

  1. Generate a RSA private key
openssl genrsa -out insightio.private.pem 1024

and the output file should look similar to

-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDZpkwjYhaLA5P86AJsDrdAkgLb4Q1wlvV4Fk2ft1AEi1AW5YkU
ZwLx7t+3CRCRxdap7ZzJM+BtdRKu8AM8dEXY2eQeF4qEJVI/O4z1emnmG5oMQl/U
GEa9NY1Fip/aEWVLGeOydS7sl/H8TV6jd7EDiNBLx03ujp9k9qbUlGFBPQIDAQAB
AoGBANgeXTQ1ThUztFtJNj5+TlD7q4MScfn+rDhWTTXvHLGmdByISBnOQApkHBjw
E1fsjz+lBi50KMIHokm7YjtBaagYmISkfMqFesNU7hs/RjOeNAf65FWSfq8t3C5E
+7FL2gpvx7mbOHI5fSBa4wzHA/mOxndmzv3ojinh7k/+3pGBAkEA/ZQBrEQCKgU9
kKnIw2UlLmfLfHUek6+g8nCL21kkWCFveL6hav2J+lL/885lY76tB434IQxPN3oL
i+CcEYFWuQJBANu6ckCANqmxFK1aKlljD332u6PFCVxqqrqQALG1HdTJ+laAyHTS
73TCNczH3l3meJvJ+TZ6YJre+ISQXdC5PKUCQQDphSCZRLP9gH/2tfSVxJKeDqX9
AlpbRTThrzWMlaX7pybhuiQqxDwJk9/z5VHHrnPn7hzgSla1TyZM9VakZEi5AkEA
gsKU5W+nmBqKvJMQ6rr56DNh/Rbv+DB+Q6IY16h6BTzhnoLrSCKTX/+HdsNmwKi8
E7IBffsb7G5OpM0pF2J1BQJATbedk1hvLDmVeR0JvkphO7WqnZe13elBQgJ4Ubwn
RahDkYUV9DnCxMN8UGZHAssFYi/yQ9wJPuEdyBfNjUAsQA==
-----END RSA PRIVATE KEY-----
  1. Generate a RSA public key with the private key file you have just created by
openssl rsa -pubout -in insightio.private.pem -out insightio.public.pem

And the output file should be similar to

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDZpkwjYhaLA5P86AJsDrdAkgLb
4Q1wlvV4Fk2ft1AEi1AW5YkUZwLx7t+3CRCRxdap7ZzJM+BtdRKu8AM8dEXY2eQe
F4qEJVI/O4z1emnmG5oMQl/UGEa9NY1Fip/aEWVLGeOydS7sl/H8TV6jd7EDiNBL
x03ujp9k9qbUlGFBPQIDAQAB
-----END PUBLIC KEY-----

Configure OAuth on BitBucket Server

  1. Login with admin account on your BitBucket Server and find the Application Links settings in Administration page (/plugins/servlet/applinks/listApplicationLinks) image
  2. Create a new link and provide the Insight.io Enterprise link in the popout modal. The Request Token URL, Access Token URL and Authorize URL should be:
  requestTokenUrl=${securesocial.bitbucket.baseUrl}/plugins/servlet/oauth/request-token
  accessTokenUrl=${securesocial.bitbucket.baseUrl}/plugins/servlet/oauth/access-token
  authorizationUrl=${securesocial.bitbucket.baseUrl}/plugins/servlet/oauth/authorize

image 3. Configure the setting for link application with all OAuth1 settings. Also, remember to opt-in the incoming link checkbox. image 4. Provide details for outgoing link as follows. The most important step is the public key section, in which you should fill in the content of your public key you have generated in Prerequisites section.

Notice: Before copy the public key, remove the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- header and join the rest of the key into 1 single line. image 5. After you have created the application link, there is one last thing left. Edit the new create application link and in the Incoming Authentication tab, delete it and recreated it, but with Consumer Callback URL (e.g. http://localhost:9000/authenticate/bitbucket/ provided. image

Integrate BitBucket Server OAuth1 with Insight.io Enterprise

In your lambdalab.conf file, add a new bitbucket section into the securesocial section with the following fields:

  • baseUrl: the host of the BitBucket server instance
  • requestTokenUrl, accessTokenUrl and authorizationUrl are the 3 separate links OAuth1 required and also the ones you have provided when setting up the application link
  • consumerKey is the key for the OAuth1 secret
  • privateKey is the content of the private key you have generated at the very beginning of this tutorial.

Notice: Before copy the private key, remove the -----PRIVATE PUBLIC KEY----- and -----PRIVATE PUBLIC KEY----- header and join the rest of the key into 1 single line. (A helpful command line for joining multiple lines together into one single line is cat xxx.pem | xargs | sed "s/ //g").

bitbucket {
  baseUrl="http://bitbucket-server-5-6.insight.io"
  requestTokenUrl=${securesocial.bitbucket.baseUrl}/plugins/servlet/oauth/request-token
  accessTokenUrl=${securesocial.bitbucket.baseUrl}/plugins/servlet/oauth/access-token
  authorizationUrl=${securesocial.bitbucket.baseUrl}/plugins/servlet/oauth/authorize
  consumerKey=insightio
  privateKey="MIICXgIBAAKBgQDZpkwjYhaLA5P86AJsDrdAkgLb4Q1wlvV4Fk2ft1AEi1AW5YkUZwLx7t+3CRCRxdap7ZzJM+BtdRKu8AM8dEXY2eQeF4qEJVI/O4z1emnmG5oMQl/UGEa9NY1Fip/aEWVLGeOydS7sl/H8TV6jd7EDiNBLx03ujp9k9qbUlGFBPQIDAQABAoGBANgeXTQ1ThUztFtJNj5+TlD7q4MScfn+rDhWTTXvHLGmdByISBnOQApkHBjwE1fsjz+lBi50KMIHokm7YjtBaagYmISkfMqFesNU7hs/RjOeNAf65FWSfq8t3C5E+7FL2gpvx7mbOHI5fSBa4wzHA/mOxndmzv3ojinh7k/+3pGBAkEA/ZQBrEQCKgU9kKnIw2UlLmfLfHUek6+g8nCL21kkWCFveL6hav2J+lL/885lY76tB434IQxPN3oLi+CcEYFWuQJBANu6ckCANqmxFK1aKlljD332u6PFCVxqqrqQALG1HdTJ+laAyHTS73TCNczH3l3meJvJ+TZ6YJre+ISQXdC5PKUCQQDphSCZRLP9gH/2tfSVxJKeDqX9AlpbRTThrzWMlaX7pybhuiQqxDwJk9/z5VHHrnPn7hzgSla1TyZM9VakZEi5AkEAgsKU5W+nmBqKvJMQ6rr56DNh/Rbv+DB+Q6IY16h6BTzhnoLrSCKTX/+HdsNmwKi8E7IBffsb7G5OpM0pF2J1BQJATbedk1hvLDmVeR0JvkphO7WqnZe13elBQgJ4UbwnRahDkYUV9DnCxMN8UGZHAssFYi/yQ9wJPuEdyBfNjUAsQA=="
}

Then restart the web server by ./lambda-compose restart webserver.

(Optional) Configure OAuth with BitBucket Server Admin User Personal Access Token

(This section is optional)

To let BitBucket Server grant Insight.io with higher level of permission, you can attach personal access token of the Admin user to Insight.io. Follow the steps below to achieve this:

  1. Login with admin account on your BitBucket Server and find the Personal Access Token settings in Account page (/account). image
  2. Create a new token by clicking the "Create a token" button on the top right.
  3. Provide at least Write permission for both Projects and Repositories. image
  4. Keep the new created token image
  5. Add two additional fields adminUsername and adminToken in the bitbucket section as mentioned above. Then the entire bitbucket section should look like:
bitbucket {
  ...
  consumerKey=xxx
  privateKey=xxx
  adminUsername=admin
  adminToken="NTI0NTI3NDE3NDQzOmPP6AuBAbdhJntXn1fHXW+Tlu77"
}

(Optional) Customize Git Clone/Update SSH Port

(This section is optional)

If your BitBucket Server instance has a customized git clone ssh port, you need follow this section to make sure your private repositories can be checked out normally.

bitbucket {
  ...
  sshPort: 1234
}

Verify the Integration

If everything works well, you should be able to see Login with BitBucket button in login page. Click on it to kick off the standard OAuth1 authentication process.

After you have logged in, visit /account/projects page of Insight.io Enterprise instance and open the Import Projects modal and you should be able to see all the projects that are visible to you on BitBucket server.

Configure BitBucket Cloud Integration

BitBucket Cloud (a.k.a, https://bitbucket.org) supports OAuth2 authentication. Please follow this official guide on how to create an OAuth2 consumer first.

Then add the following configuration in ./configs/user.conf file.

bitbucket-cloud {
  baseUrl="https://bitbucket.org"
  authorizationUrl=${securesocial.bitbucket-cloud.baseUrl}/site/oauth2/authorize
  accessTokenUrl=${securesocial.bitbucket-cloud.baseUrl}/site/oauth2/access_token
  clientId="rAAUdB2YUVVMHWx9mA"
  clientSecret="yBARtMGq8aydG4x9KKVNfkJyKthhu9Z5"
}

As the last step, restart the webserver by ./lambda-compose restart webserver.