Configuring OAuth 1.0 for a Bitbucket Server

To enable users to work with a remote Git repository that is hosted on a Bitbucket Server:

  1. Set up an application link (OAuth 1.0) on the Bitbucket Server.

  2. Apply an application link Secret for the Bitbucket Server.

Set up an application link for OAuth 1.0 on the Bitbucket Server.

Prerequisites
  • You are logged in to the Bitbucket Server.

  • openssl is installed in the operating system you are using.

  • base64 is installed in the operating system you are using.

Procedure
  1. On a command line, run the commands to create the necessary files for the next steps and for use when applying the application link Secret:

    $ openssl genrsa -out private.pem 2048 && \
    openssl pkcs8 -topk8 -inform pem -outform pem -nocrypt -in private.pem -out privatepkcs8.pem && \
    cat privatepkcs8.pem | sed 's/-----BEGIN PRIVATE KEY-----//g' | sed 's/-----END PRIVATE KEY-----//g' | tr -d '\n' | base64 | tr -d '\n' > privatepkcs8-stripped.pem && \
    openssl rsa -in private.pem -pubout > public.pub && \
    cat public.pub | sed 's/-----BEGIN PUBLIC KEY-----//g' | sed 's/-----END PUBLIC KEY-----//g' | tr -d '\n' > public-stripped.pub && \
    openssl rand -base64 24 > bitbucket-consumer-key && \
    openssl rand -base64 24 > bitbucket-shared-secret
  2. Go to Administration  Application Links.

  3. Enter https://<che_fqdn>/ into the URL field and click Create new link.

  4. Under The supplied Application URL has redirected once, check the Use this URL checkbox and click Continue.

  5. Enter Che as the Application Name.

  6. Select Generic Application as the Application Type.

  7. Enter Che as the Service Provider Name.

  8. Paste the content of the bitbucket-consumer-key file as the Consumer key.

  9. Paste the content of the bitbucket-shared-secret file as the Shared secret.

  10. Enter <bitbucket_server_url>/plugins/servlet/oauth/request-token as the Request Token URL.

  11. Enter <bitbucket_server_url>/plugins/servlet/oauth/access-token as the Access token URL.

  12. Enter <bitbucket_server_url>/plugins/servlet/oauth/authorize as the Authorize URL.

  13. Check the Create incoming link checkbox and click Continue.

  14. Paste the content of the bitbucket_consumer_key file as the Consumer Key.

  15. Enter Che as the Consumer name.

  16. Paste the content of the public-stripped.pub file as the Public Key and click Continue.

Prepare and apply the application link Secret for the Bitbucket Server.

Prerequisites
  • The application link is set up on the Bitbucket Server.

  • The following Base64-encoded files, which were created when setting up the application link, are prepared:

    • privatepkcs8-stripped.pem

    • bitbucket_consumer_key

    • bitbucket-shared-secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure
  1. Prepare the Secret:

    kind: Secret
    apiVersion: v1
    metadata:
      name: bitbucket-oauth-config
      namespace: eclipse-che (1)
      labels:
        app.kubernetes.io/component: oauth-scm-configuration
        app.kubernetes.io/part-of: che.eclipse.org
      annotations:
        che.eclipse.org/oauth-scm-server: bitbucket
        che.eclipse.org/scm-server-endpoint: <bitbucket_server_url> (2)
    type: Opaque
    data:
      private.key: <Base64_content_of_privatepkcs8-stripped.pem> (3)
      consumer.key: <Base64_content_of_bitbucket_server_consumer_key> (4)
      shared_secret: <Base64_content_of_bitbucket-shared-secret> (5)
    1 The Che namespace. The default is eclipse-che.
    2 The URL of the Bitbucket Server.
    3 The Base64-encoded content of the privatepkcs8-stripped.pem file.
    4 The Base64-encoded content of the bitbucket_consumer_key file.
    5 The Base64-encoded content of the bitbucket-shared-secret file.
  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
    <Secret_prepared_in_the_previous_step>
    EOF
  3. Verify in the output that the Secret is created.