bitbucket cloud: no provider.user has been set

[chmouel]

there is report that pac is not working with bitbucket cloud, with error :

bitbucket cloud: no provider.user has been set

repo crd:

apiVersion: [pipelinesascode.tekton.dev/v1alpha1](http://pipelinesascode.tekton.dev/v1alpha1)
kind: Repository
metadata:
  creationTimestamp: "2022-02-17T09:00:32Z"
  generation: 1
  name: jwennerb-hello-go
  namespace: hello
  resourceVersion: "55066"
  uid: 8a2846c6-d803-4cf7-93c8-10f925eeadf7
spec:
  git_provider:
    secret:
      key: token
      name: bitbucket-cloud-token
    user: jwennerb
  url: https://bitbucket.org/jwennerb/hello-go

we need to investigate

[chmouel]

can reproduce locally :

{"level":"info","ts":1645103834.819806,"caller":"params/run.go:49","msg":"using tekton dashboard url on: https://dashboard.kind.pipelines.devcluster.openshift.com"}
{"level":"info","ts":1645103834.979957,"caller":"pipelineascode/pipelineascode.go:122","msg":"Starting Pipelines as Code version: nightly"}
{"level":"info","ts":1645103834.990069,"caller":"pipelineascode/pipelineascode.go:66","msg":"Using git provider bitbucket-cloud"}
{"level":"error","ts":1645103834.9904032,"caller":"pipelineascode/pipelineascode.go:132","msg":"Cannot create status: no git_provider.user has been set in the repo crd no token has been set, cannot set status","stacktrace":"github.com/openshift-pipelines/pipelines-as-code/pkg/cmd/pipelineascode.runWrap\n\tgithub.com/openshift-pipelines/pipelines-as-code/pkg/cmd/pipelineascode/pipelineascode.go:132\ngithub.com/openshift-pipelines/pipelines-as-code/pkg/cmd/pipelineascode.Command.func1\n\tgithub.com/openshift-pipelines/pipelines-as-code/pkg/cmd/pipelineascode/pipelineascode.go:48\ngithub.com/spf13/cobra.(*Command).execute\n\tgithub.com/spf13/cobra@v1.2.1/command.go:856\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\tgithub.com/spf13/cobra@v1.2.1/command.go:974\ngithub.com/spf13/cobra.(*Command).Execute\n\tgithub.com/spf13/cobra@v1.2.1/command.go:902\nmain.main\n\tgithub.com/openshift-pipelines/pipelines-as-code/cmd/pipelines-as-code/main.go:13\nruntime.main\n\truntime/proc.go:255"}
Error: no git_provider.user has been set in the repo crd
2022/02/17 13:17:14 no git_provider.user has been set in the repo crd
2022/02/17 13:17:09 Copied /ko-app/entrypoint to /tekton/bin/entrypoint

[chmouel]

there is a bug with bitbucket cloud where it checks for the url when it should not,

@jwennerberg can you try adding the api url to git_provider like this :

spec:
  git_provider:
    secret:
      key: token
      name: bitbucket-cloud-token
    user: jwennerb
    url: https://api.bitbucket.org/2.0
  url: https://bitbucket.org/jwennerb/hello-go

(i have another issue with a status and token having some issues setting the statuses but i am not sure they are related to my setup or a breakage)

(we need to fix the e2e tests since they seem to silently passthru)

[jwennerberg]

Adding the api url solved parts of it at least. I get further. I seem to have a permissions issue now.

{"level":"info","ts":1645111337.597448,"caller":"pipelineascode/secret.go:46","msg":"Using git provider bitbucket-cloud: url=https://api.bitbucket.org/2.0 user=jwennerb token-secret=bitbucket-cloud-token in token-key=token"}
Error: 403 Forbidden
2022/02/17 15:22:18 403 Forbidden

Do we have documentation on the permissions needed for the 'app password'?

The Pull Request gets updated in Bitbucket but throws:

Pipelines as Code CI - ❌ Failed

There was an issue validating the commit: "403 Forbidden"

[chmouel]

Yep, trying to figuring this out at the moment, it seems that things has a bit changed lately and the new generated token needs more permissions to set statuses,

[chmouel]

it's pretty weird what is happening, I have two accounts one attached to my work account @redhat.com and one personal one for testing, if i create a token for the personal one with theses rights :

and try to set a status with that token on a commit via the bitbucket API :

% curl -u user:token -d @/tmp/a.json https://api.bitbucket.org/2.0/repositories/user/pac/commit/2b0ad01549a171867b8b02edc149af7006317011/statuses/build/ -H 'Content-Type: application/json' -f
curl: (22) The requested URL returned error: 401

I get a 401

If i try the same thing on my work account, create a token and try with curl :

% curl -u cboudjna:token-d @/tmp/a.json https://api.bitbucket.org/2.0/repositories/cboudjna/foobar/commit/9a2fd2dc71dcde68ead5c69e99a9f5c6d6e2c0c4/statuses/build/ -H 'Content-Type: application/json' -f
{"key": "MY-BUILD", "description": "passed", "repository": {"links": {"self": {"href": "https://api.bitbucket.org/2.0/repositories/cboudjna/foobar"}, "html": {"href": "https://bitbucket.org/cboudjna/foobar"}, "avatar": {"href": "https://bytebucket.org/ravatar/%7Be736ae44-aae5-4534-874e-11946fc13fe7%7D?ts=default"}}, "type": "repository", "name": "foobar", "full_name": "cboudjna/foobar", "uuid": "{e736ae44-aae5-4534-874e-11946fc13fe7}"}, "url": "https://dashboard.kind.pipelines.devcluster.openshift.com", "links": {"commit": {"href": "https://api.bitbucket.org/2.0/repositories/cboudjna/foobar/commit/9a2fd2dc71dcde68ead5c69e99a9f5c6d6e2c0c4"}, "self": {"href": "https://api.bitbucket.org/2.0/repositories/cboudjna/foobar/commit/9a2fd2dc71dcde68ead5c69e99a9f5c6d6e2c0c4/statuses/build/MY-BUILD"}}, "refname": null, "state": "SUCCESSFUL", "created_on": "2022-02-17T15:28:30.400870+00:00", "commit": {"hash": "9a2fd2dc71dcde68ead5c69e99a9f5c6d6e2c0c4", "type": "commit", "links": {"self": {"href": "https://api.bitbucket.org/2.0/repositories/cboudjna/foobar/commit/9a2fd2dc71dcde68ead5c69e99a9f5c6d6e2c0c4"}, "html": {"href": "https://bitbucket.org/cboudjna/foobar/commits/9a2fd2dc71dcde68ead5c69e99a9f5c6d6e2c0c4"}}}, "updated_on": "2022-02-17T15:47:50.143956+00:00", "type": "build", "name": ""}

I can properly set the status as it should be,

I do have a atlassian product attached to my work account (Bitbucket Data Center), I wonder if they started to restrict API call for free users (big 😞 if that's the case)

[jwennerberg]

I also confirmed the permissions issue on my end. It's working now, but then that's probably because I also use my work account.

[chmouel]

great let me add this to the documentation then.

(it's perhaps an issue with my test account as well)

[jwennerberg]

Sorry, I was mistaken. Apparently 'Account: Read' was needed as well.

[chmouel]

thanks @jwennerberg i have added your screenshot on #418