Forums

Articles
Create
cancel
Showing results for 
Search instead for 
Did you mean: 

Project-level variables

sah-lazos February 25, 2020

(My first post, please let me know where i can make feature requests!)

Are there any plans to add Project-level variables to Bitbucket Pipelines?

I use variables to configure AWS access keys, and since i develop a lot of microservices it can be a pain to maintain an IAM user for each repository. On the other hand, I don't want to have one set of credentials for my entire Bitbucket team since it is not good practice to have an all-powerful set of credentials that can take down your whole environment if compromised. Was thinking Project-level would be the ideal compromise. 

3 answers

3 accepted

1 vote
Answer accepted
Andy - PTC Redundant
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 25, 2020

Nice one @sah-lazos : consider your own answer accepted.

For people who have the same or similar questions, some additional advice:

Always go to https://support.atlassian.com/
In particular click on Suggestions and Bugs: https://jira.atlassian.com/secure/Dashboard.jspa?selectPageId=10440

This is everything and anything to do with Bug fixing of Atlassian Products and Feature requests!

1 vote
Answer accepted
sah-lazos February 25, 2020

Will answer my own question: https://jira.atlassian.com/browse/BCLOUD-14959

0 votes
Answer accepted
sah-lazos August 24, 2021

As a workaround, i came up with the following script against the Bitbucket API (requires curl and jq, a bitbucket App password associated with your user from your personal settings). This sets (or resets) the same variable on every repo in a project.

The code below sepcifically helps me set AWS credentials, but you could change to any variables

 

#!/bin/bash

API_BASE_URL=https://api.bitbucket.org/2.0

if [ -z "$BBUSERNAME" ]; then
echo "Missing required environment variable BBUSERNAME"
exit 1
fi

if [ -z "$BBSECRET" ]; then
echo "Missing required environment variable BBSECRET"
exit 1
fi

read -p "Workspace: " API_WORKSPACE
read -p "Project Key: " PROJECT_KEY
read -p "AWS Access Key ID: " AWS_ACCESS_KEY_ID
read -p "AWS Secret Access Key: " AWS_SECRET_ACCESS_KEY

projects=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE?q=project.key=\"$PROJECT_KEY\"")
nextpage=$(echo $projects | jq -r '.next')

update_variable() {
repo_slug=$1
key=$2
value=$3
secured=$4
uuid=$5

uuid=${uuid:1:36}
if [ -n "$uuid" ]; then
curl -s -X PUT -u $BBUSERNAME:$BBSECRET -H 'Content-Type: application/json' \
"$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/\{$uuid\}" \
-d "{\"uuid\": \"$uuid\", \"key\": \"$key\", \"value\": \"$value\", \"secured\": $secured }" \
> /dev/null
else
curl -s -X POST -u $BBUSERNAME:$BBSECRET -H 'Content-Type: application/json' \
"$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/" \
-d "{\"key\": \"$key\", \"value\": \"$value\", \"secured\" : $secured }" \
> /dev/null
fi
}

set_variables() {
while read -r repo_slug; do
pipeline_enabled=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config" | jq -r '.enabled')
if [ "$pipeline_enabled" = "true" ]; then
echo "Updating variables for $repo_slug"
variables=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET "$API_BASE_URL/repositories/$API_WORKSPACE/$repo_slug/pipelines_config/variables/")
access_key_id_var_uuid=$(echo $variables | jq -r '.values[] | select(.key=="AWS_ACCESS_KEY_ID") | .uuid')
secret_access_key_var_uuid=$(echo $variables | jq -r '.values[] | select(.key=="AWS_SECRET_ACCESS_KEY") | .uuid')
update_variable $repo_slug "AWS_ACCESS_KEY_ID" $AWS_ACCESS_KEY_ID "false" $access_key_id_var_uuid
update_variable $repo_slug "AWS_SECRET_ACCESS_KEY" $AWS_SECRET_ACCESS_KEY "true" $secret_access_key_var_uuid
fi
done < <(echo $projects | jq -r '.values[] | .slug')
}

set_variables

while [ -n "$nextpage" ]; do
projects=$(curl -s -X GET -u $BBUSERNAME:$BBSECRET $nextpage)
nextpage=$(echo $projects | jq -r '.next')
set_variables
done

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events