feat(bitbucketdatacenter): allow service accounts to not require user in the set client

Author: Ru13en

pkg/provider/bitbucketdatacenter/bitbucketdatacenter.go

@@ -275,9 +275,6 @@ func removeLastSegment(urlStr string) string {
 }
 
 func (v *Provider) SetClient(ctx context.Context, run *params.Run, event *info.Event, repo *v1alpha1.Repository, _ *events.EventEmitter) error {
-	if event.Provider.User == "" {
-		return fmt.Errorf("no spec.git_provider.user has been set in the repo crd")
-	}
 	if event.Provider.Token == "" {
 		return fmt.Errorf("no spec.git_provider.secret has been set in the repo crd")
 	}
@@ -316,12 +313,25 @@ func (v *Provider) SetClient(ctx context.Context, run *params.Run, event *info.E
 	v.run = run
 	v.repo = repo
 	v.triggerEvent = event.EventType
-	_, resp, err := v.Client().Users.FindLogin(ctx, event.Provider.User)
+
+	var resp *scm.Response
+	var err error
+	if event.Provider.User != "" {
+		_, resp, err = v.Client().Users.FindLogin(ctx, event.Provider.User)
+	} else {
+		in := &scm.Request{
+			Method: "GET",
+			Path:   repo.Spec.URL,
+			Header: nil, // transport will inject Authorization header
+			Body:   nil,
+		}
+		resp, err = v.Client().Do(ctx, in)
+	}
 	if resp != nil && resp.Status == http.StatusUnauthorized {
-		return fmt.Errorf("cannot get user %s with token: %w", event.Provider.User, err)
+		return fmt.Errorf("failed validation of user %s with provided token: %w", event.Provider.User, err)
 	}
 	if err != nil {
-		return fmt.Errorf("cannot get user %s: %w", event.Provider.User, err)
+		return fmt.Errorf("user validation failed with: %w", err)
 	}
 
 	return nil

pkg/provider/bitbucketdatacenter/bitbucketdatacenter_test.go

@@ -15,6 +15,7 @@ import (
 	"testing"
 	"time"
 
+	"github.com/openshift-pipelines/pipelines-as-code/pkg/apis/pipelinesascode/v1alpha1"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/clients"
 	"github.com/openshift-pipelines/pipelines-as-code/pkg/params/info"
@@ -308,13 +309,14 @@ func TestSetClient(t *testing.T) {
 		name          string
 		apiURL        string
 		opts          *info.Event
+		repo          *v1alpha1.Repository
 		wantErrSubstr string
 		muxUser       func(w http.ResponseWriter, r *http.Request)
 	}{
 		{
-			name:          "bad/no username",
+			name:          "bad/no token",
 			opts:          info.NewEvent(),
-			wantErrSubstr: "no spec.git_provider.user",
+			wantErrSubstr: "no spec.git_provider.secret",
 		},
 		{
 			name: "bad/no secret",
@@ -349,7 +351,26 @@ func TestSetClient(t *testing.T) {
 				_, _ = w.Write([]byte(`{"errors": [{"message": "Unauthorized"}]}`))
 			},
 			apiURL:        "https://foo.bar/rest",
-			wantErrSubstr: "cannot get user foo with token",
+			wantErrSubstr: "failed validation of user foo with provided token: Unauthorized",
+		},
+		{
+			name: "bad/invalid secret",
+			opts: &info.Event{
+				Provider: &info.Provider{
+					Token: "bar",
+					URL:   "https://foo.bar",
+				},
+			},
+			repo: &v1alpha1.Repository{
+				Spec: v1alpha1.RepositorySpec{
+					URL: "rest/api/1.0/users/foo",
+				},
+			},
+			muxUser: func(w http.ResponseWriter, _ *http.Request) {
+				w.WriteHeader(http.StatusUnauthorized)
+			},
+			apiURL:        "https://foo.bar",
+			wantErrSubstr: "failed validation of user  with provided token: %!w(<nil>)",
 		},
 		{
 			name: "bad/unknown error",
@@ -365,7 +386,7 @@ func TestSetClient(t *testing.T) {
 				_, _ = w.Write([]byte(`{"errors": [{"message": "Internal Server Error"}]}`))
 			},
 			apiURL:        "https://foo.bar/rest",
-			wantErrSubstr: "cannot get user foo: Internal Server Error",
+			wantErrSubstr: "user validation failed with: Internal Server Error",
 		},
 		{
 			name: "good/url append /rest",
@@ -398,7 +419,7 @@ func TestSetClient(t *testing.T) {
 				mux.HandleFunc("/users/foo", tt.muxUser)
 			}
 			v := &Provider{client: client, baseURL: tURL}
-			err := v.SetClient(ctx, fakeRun, tt.opts, nil, nil)
+			err := v.SetClient(ctx, fakeRun, tt.opts, tt.repo, nil)
 			if tt.wantErrSubstr != "" {
 				assert.ErrorContains(t, err, tt.wantErrSubstr)
 				return