I had a requirement to clean our bitbucket license by removing any user with no login record or "Last Authentication" > 60 days.
I did search here and there to find the most suitable approach and at the end i find there are 2 ways.
- Database update script , detailed article .
- Using a custom script with Jira script runner plugin
I preferred the 2nd approach then I developed the required script as below :
Note : Script-runner for Jira is required , Crowd is our identity management tool so, i used rest client to remove the user directly from the assigned group in crowd
import com.atlassian.applinks.api.ApplicationLinkService
import com.atlassian.applinks.api.application.bitbucket.BitbucketApplicationType
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.sal.api.net.Request
import com.atlassian.sal.api.net.Response
import com.atlassian.sal.api.net.ResponseException
import com.atlassian.sal.api.net.ResponseHandler
import groovy.json.JsonSlurper
import groovyx.net.http.RESTClient
import org.apache.log4j.Logger
import static groovyx.net.http.ContentType.JSON
def log = Logger.getLogger("com.onresolve.jira.groovy")
def appLinkService = ComponentLocator.getComponent(ApplicationLinkService)
def appLinkName = appLinkService.getPrimaryApplicationLink(BitbucketApplicationType)
def limitsize = 200
def start = 0
assert appLinkName
log.debug(appLinkName)
def Users = []
def isLast = false
while (!isLast) {
def restCallURL = "rest/api/1.0/admin/groups/more-members?context=bitbucket-users&start=${start}&limit=${limitsize}"
def authenticatedRequestFactory = appLinkName.createAuthenticatedRequestFactory()
def result = authenticatedRequestFactory.createRequest(Request.MethodType.GET, restCallURL)
.addHeader("Content-Type", "application/json")
.execute(new ResponseHandler<Response>() {
@Override
void handle(Response response) throws ResponseException {
if (response.statusCode != HttpURLConnection.HTTP_OK) {
throw new Exception(response.getResponseBodyAsString())
} else {
def disable = false
def slurped = new JsonSlurper().parseText(response.getResponseBodyAsString())
isLast = slurped.isLastPage
def slugs = slurped.values
slugs.each {
if (!it.lastAuthenticationTimestamp) {
Users << it.slug
} else {
Date cutoff = new Date().minus(60)
Date last = new Date(it.lastAuthenticationTimestamp)
if (last.before(cutoff)) {
Users << it.slug
}
}
}
start += 200
}
}
})
}
for (user in Users){
restClient('https://YourCrowd/crowd//rest/usermanagement/1/', "group/user/direct", ['username':user,'groupname':'bitbucket-users'])
}
def static restClient(def uri, def path, def query) {
try {
def client = new RESTClient(uri)
def res = client.auth.basic("User", "Pass")
client.delete(path: path, query: query, contentType: JSON)
} catch (Exception e) {
}
}
Then I added the script to be executed as a Jira service every week by following below steps :
Done
Regards,
Mohamed Adel
Atlassian Consultant
ELM Information Security
Riyadh,SA
54 accepted answers
Online forums and learning are now in one easy-to-use experience.
By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.
1 comment