I had a requirement to clean our bitbucket license by removing any user with no login record or "Last Authentication" > 60 days.
I did search here and there to find the most suitable approach and at the end i find there are 2 ways.
- Database update script , detailed article .
- Using a custom script with Jira script runner plugin
I preferred the 2nd approach then I developed the required script as below :
Note : Script-runner for Jira is required , Crowd is our identity management tool so, i used rest client to remove the user directly from the assigned group in crowd
import com.atlassian.applinks.api.ApplicationLinkService
import com.atlassian.applinks.api.application.bitbucket.BitbucketApplicationType
import com.atlassian.sal.api.component.ComponentLocator
import com.atlassian.sal.api.net.Request
import com.atlassian.sal.api.net.Response
import com.atlassian.sal.api.net.ResponseException
import com.atlassian.sal.api.net.ResponseHandler
import groovy.json.JsonSlurper
import groovyx.net.http.RESTClient
import org.apache.log4j.Logger
import static groovyx.net.http.ContentType.JSON
def log = Logger.getLogger("com.onresolve.jira.groovy")
def appLinkService = ComponentLocator.getComponent(ApplicationLinkService)
def appLinkName = appLinkService.getPrimaryApplicationLink(BitbucketApplicationType)
def limitsize = 200
def start = 0
assert appLinkName
log.debug(appLinkName)
def Users = []
def isLast = false
while (!isLast) {
def restCallURL = "rest/api/1.0/admin/groups/more-members?context=bitbucket-users&start=${start}&limit=${limitsize}"
def authenticatedRequestFactory = appLinkName.createAuthenticatedRequestFactory()
def result = authenticatedRequestFactory.createRequest(Request.MethodType.GET, restCallURL)
.addHeader("Content-Type", "application/json")
.execute(new ResponseHandler<Response>() {
@Override
void handle(Response response) throws ResponseException {
if (response.statusCode != HttpURLConnection.HTTP_OK) {
throw new Exception(response.getResponseBodyAsString())
} else {
def disable = false
def slurped = new JsonSlurper().parseText(response.getResponseBodyAsString())
isLast = slurped.isLastPage
def slugs = slurped.values
slugs.each {
if (!it.lastAuthenticationTimestamp) {
Users << it.slug
} else {
Date cutoff = new Date().minus(60)
Date last = new Date(it.lastAuthenticationTimestamp)
if (last.before(cutoff)) {
Users << it.slug
}
}
}
start += 200
}
}
})
}
for (user in Users){
restClient('https://YourCrowd/crowd//rest/usermanagement/1/', "group/user/direct", ['username':user,'groupname':'bitbucket-users'])
}
def static restClient(def uri, def path, def query) {
try {
def client = new RESTClient(uri)
def res = client.auth.basic("User", "Pass")
client.delete(path: path, query: query, contentType: JSON)
} catch (Exception e) {
}
}
Then I added the script to be executed as a Jira service every week by following below steps :
Done
Regards,
Mohamed Adel
Atlassian Consultant
ELM Information Security
Riyadh,SA
54 accepted answers
1 comment