mbegerau commented on PR #9547: URL: https://github.com/apache/nifi/pull/9547#issuecomment-2718108841
First of all thanks @pvillard31 for initiating this PR. We are starting to migrate some projects from NiFi 1 to NiFi 2 and the new git registry client feature is actually one of the top reasons why we want to migrate, because it really reduces the complexity of the setup. Also my company is locked in to Atlassian tech stack which is why I'm looking forward to the Bitbucket implementation. That being said, I checked out your branch today and tried to set it up. Here are my notes: 1. Naming: Doesn't really matter but the second "b" of Bitbucket is usually lowercase and we should probably keep it like that. 2. The atlassian bundle is missing in the [pom.xml of the nifi-assembly bundle](nifi-assembly/pom.xml). Without adding the dependency there the BitbucketFlowRegistryClient did not show up with the usual _mvnw install..._, because the nar file was not installed. 3. The Bitbucket access token flow would be our preferred authentication solution and it's not working. You said you can't test it due to being a paid service. Maybe we can debug this together. The reason for now is that the [endpoint](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-user-permissions-repositories-get) you use in the [checkRepoPermissions](https://github.com/pvillard31/nifi/blob/838e21cdbf0d2368c94e57797f728f7e2efff077/nifi-extension-bundles/nifi-atlassian-bundle/nifi-atlassian-extensions/src/main/java/org/apache/nifi/atlassian/bitbucket/BitBucketRepositoryClient.java#L395) method always returns _{"type": "error", "error": {"message": "Token is invalid, expired, or not supported for this endpoint."}}_ when used with an access token. From what I read in the [Access Token usage documentation](https://developer.atlassian.com/cloud/bitbucket/rest/intro/#access-tokens) access tokens can't have the "account" scope. So all endpoints requiri ng this scope will not work. For example the [/user endpoint](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-users/#api-user-get) does not work as well. Also it says "Access Tokens are not listed in any repository or workspace permission API response." So the [/permissions-config/users endpoint](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-repo-slug-permissions-config-users-get) actually works with access token, but it does not return any results. You can check for repository (read) and repository:write permissions indirectly, [Get a repository](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-repositories/#api-repositories-workspace-repo-slug-get) returns status code 200 with read permissions (404 otherwise) and [Create a commit by uploading a file](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-source/#api-repositories-workspace-repo-slug-src-post) without a request body return s status code 415 with write permissions (404 otherwise). 4. When I switched to oauth with client credentials it works. I tested creating a new flow, commiting a new version and returning to an old version. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
