Adapt crowd-bitbucket e2e tests to Bitbucket 9.4.0 (#440)

* Adapt crowd-bitbucket tests to Bitbucket 9.4.0

* Address PR comments

* Return response in case status code isn't 200

---------

Co-authored-by: Yevhen Ivantsov <[email protected]>

dc-infrastructure.tf

@@ -312,6 +312,7 @@ module "bitbucket" {
 
   # If local Helm charts path is provided, Terraform will then install using local charts and ignores remote registry
   local_bitbucket_chart_path = local.local_bitbucket_chart_path
+  bitbucket_websudo_enabled = var.bitbucket_websudo_enabled
 }
 
 module "crowd" {

modules/products/bitbucket/helm.tf

@@ -36,6 +36,12 @@ resource "helm_release" "bitbucket" {
           }
         }
         additionalJvmArgs = concat(local.dcapt_analytics_property, var.additional_jvm_args)
+        additionalEnvironmentVariables = [
+          {
+            name = "FEATURE_WEBSUDO"
+            value = tostring(var.bitbucket_websudo_enabled)
+          }
+        ]
       }
       database = {
         url    = var.rds.rds_jdbc_connection

modules/products/bitbucket/variables.tf

@@ -216,3 +216,9 @@ variable "additional_jvm_args" {
   description = "List of additional JVM arguments to be passed to the server"
   type        = list(string)
 }
+
+variable "bitbucket_websudo_enabled" {
+  description = "Enable web sudo"
+  default     = true
+  type        = bool
+}

test/e2etest/crowd_test.go

@@ -6,8 +6,10 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"net/http"
+	"net/http/cookiejar"
 	"net/url"
 	"os"
 	"strings"
@@ -99,34 +101,49 @@ func addCrowdUserDirectory(t *testing.T, directoryName string, bitbucketURL stri
 	require.NoError(t, err)
 }
 
-func getBitbucketSessionID(bitbucketURL string, username string, password string) (sessionID string) {
+func getBitbucketSessionID(bitbucketURL string, username string, password string) (sessionID string, err error) {
+	jar, err := cookiejar.New(nil)
+	if err != nil {
+		return "", fmt.Errorf("error creating cookie jar: %v", err)
+	}
 	client := &http.Client{
-		CheckRedirect: func(req *http.Request, via []*http.Request) error {
-			return http.ErrUseLastResponse
-		},
+		Jar: jar,
 	}
-	formData := url.Values{
-		"j_username":      []string{username},
-		"j_password":      []string{password},
-		"atl_remember_me": []string{"on"},
-		"submit":          []string{"Log in"},
+	payload := map[string]interface{}{
+		"username":   username,
+		"password":   password,
+		"rememberMe": true,
 	}
-	encodedData := formData.Encode()
-	request, _ := http.NewRequest(http.MethodPost, bitbucketURL+"/j_atl_security_check", strings.NewReader(encodedData))
-	request.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	payloadBytes, err := json.Marshal(payload)
+	if err != nil {
+		return "", fmt.Errorf("error encoding JSON payload: %v", err)
+	}
+	request, err := http.NewRequest(http.MethodPost, bitbucketURL+"/rest/tsv/1.0/authenticate", bytes.NewReader(payloadBytes))
+	if err != nil {
+		return "", fmt.Errorf("error creating request: %v", err)
+	}
+	request.Header.Set("Content-Type", "application/json")
 	resp, err := client.Do(request)
 	if err != nil {
-		fmt.Println(err)
+		return "", fmt.Errorf("error making request: %v", err)
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		if body, err := ioutil.ReadAll(resp.Body); err != nil {
+			log.Printf("Error reading response body: %v", err)
+		} else {
+			log.Printf("Login failed: %s", string(body))
+		}
+		return "", fmt.Errorf("authentication failed: status code %d", resp.StatusCode)
 	}
-	cookies := resp.Cookies()
-	var bitbucketSessionID *http.Cookie
+	cookies := jar.Cookies(request.URL)
 	for _, cookie := range cookies {
 		if cookie.Name == "BITBUCKETSESSIONID" {
-			bitbucketSessionID = cookie
-			return bitbucketSessionID.Value
+			return cookie.Value, nil
 		}
 	}
-	return ""
+
+	return "", fmt.Errorf("BITBUCKETSESSIONID not found in response")
 }
 
 func generateCrowdCfgXml(t *testing.T, testConfig TestConfig, jdbcURL string, rdsPassword string) {
@@ -242,7 +259,8 @@ func crowdTests(t *testing.T, testConfig TestConfig, bitbucketURL string, crowdU
 
 	// get BITBUCKETSESSIONID to use in the header in subsequent calls
 	// even though basic auth works, atl_token is different each time
-	bitbucketSessionID := getBitbucketSessionID(bitbucketURL, "admin", testConfig.BitbucketPassword)
+	bitbucketSessionID, err := getBitbucketSessionID(bitbucketURL, "admin", testConfig.BitbucketPassword)
+	assert.Nil(t, err)
 	assert.NotEmptyf(t, bitbucketSessionID, "BITBUCKETSESSIONID cannot be empty")
 
 	// now we need to extract atl_token from the hidden input in HTML response
@@ -271,7 +289,7 @@ func crowdTests(t *testing.T, testConfig TestConfig, bitbucketURL string, crowdU
 	log.Printf("Checking if user %s is allowed to call Bitbucket project API\n", userName)
 	projects := getPageContentWithBasicAuth(t, bitbucketURL+"/rest/api/latest/projects", userName, "password")
 	var result map[string]interface{}
-	err := json.Unmarshal(projects, &result)
+	err = json.Unmarshal(projects, &result)
 	require.NoError(t, err)
 	// tests create 1 project, so we expect 1
 	// if auth fails, API returns json with size=0

test/e2etest/test-config.tfvars.tmpl

@@ -140,6 +140,7 @@ bitbucket_nfs_limits_cpu      = "0.25"
 bitbucket_nfs_limits_memory   = "256Mi"
 
 bitbucket_termination_grace_period = 0
+bitbucket_websudo_enabled = false
 
 {{if .additional_role }}
 # Enable access to additional role

variables.tf

@@ -1096,6 +1096,12 @@ variable "bitbucket_additional_jvm_args" {
   type        = list(string)
 }
 
+variable "bitbucket_websudo_enabled" {
+  description = "Enable web sudo"
+  default     = true
+  type        = bool
+}
+
 ################################################################################
 # Bamboo Variables
 ################################################################################