About bitbucket alm integration connection problem

Hello,

We are using Enterprise Edition Version 8.6 (build 39681). We have an on-premise Bitbucket server and we are using the “Atlassian Bitbucket v6.8.1” version.

I have a personal account at Bitbucket and have admin privileges. I create a “personal access token” from the “Manage account” settings…

With the following command, I test the token through the sonarqube server and get a healthy result. So I’m listing out the latest commits… So far, I can see that it works on both my servers and connects with each other.

curl -H "Authorization: Bearer A2edasdkjalk2dA4dakdj21!124c1412+LaaaffW" https://bitbucket.mydomain.com/projects/TST/repos/example/commits/?until=master

I select the “Bitbucket Server” option in the “ALM integrations” section of the web interface. (Administration > General Settings > Alm integrations > Bitbucket Server)

I click “Create configuration” and make the following settings. But it gives an error. “Unable to contact Bitbucket server”, “Pull Request Decoration=fail” and “Import repositories from your ALM=fail”

With these settings (token) I can get a response in the curl command above.

Configuration name: SonarQube
Bitbucket Server Url: https://bitbucket.mydomain.com
Personal Access Token: A2edasdkjalk2dA4dakdj21!124c1412+LaaaffW

I also attached screenshots. Can you help me?

Additional information:

  • I am using ldaps. I tried these processes by creating a user with ldap or local. I tried it with admin user too.

  • While doing these operations, I set the web log as “trace” and I see the logs below.

When I create a new configuration;

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFV][o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-4,5,main] serves /api/alm_settings/create_bitbucket

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFV][sql] time=0ms | sql=select st.uuid as uuid, st.user_uuid as "userUuid", st.expiration_date as "expirationDate", st.created_at as "createdAt", st.updated_at as "updatedAt" from session_tokens st where st.uuid=? | params=AXcaJxhzy0q4-XpXyjKx

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFV][sql] time=1ms | sql=update session_tokens set expiration_date = ?, updated_at = ? where uuid = ? | params=1611316495894, 1611057295895, AXcaJxhzy0q4-XpXyjKx

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFV][sql] time=0ms | sql=SELECT u.uuid as uuid, u.login as login, u.name as name, u.email as email, u.active as "active", u.scm_accounts as "scmAccounts", u.salt as "salt", u.crypted_password as "cryptedPassword", u.hash_method as "hashMethod", u.external_id as "externalId", u.external_login as "externalLogin", u.external_identity_provider as "externalIdentityProvider", u.user_local as "local", u.is_root as "root", u.onboarded as "onboarded", u.reset_password as "resetPassword", u.homepage_type as "homepageType", u.homepage_parameter as "homepageParameter", u.last_connection_date as "lastConnectionDate", u.created_at as "createdAt", u.updated_at as "updatedAt" FROM users u WHERE u.uuid=? | params=AXaV6Tzh4sr7wSvC2UBF

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFV][sql] time=1ms | sql=select gr.role from group_roles gr inner join groups_users gu on gr.group_uuid=gu.group_uuid where gr.component_uuid is null and gu.user_uuid=? union select gr.role from group_roles gr where gr.group_uuid is null and gr.component_uuid is null union select ur.role from user_roles ur where ur.user_uuid=? and ur.component_uuid is null | params=AXaV6Tzh4sr7wSvC2UBF, AXaV6Tzh4sr7wSvC2UBF

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFV][sql] time=0ms | sql=select a.kee as "key", a.uuid as "uuid", a.alm_id as "rawAlm", a.url as "url", a.app_id as "appId", a.private_key as "privateKey", a.pat as "personalAccessToken", a.client_id as "clientId", a.client_secret as "clientSecret", a.created_at as "createdAt", a.updated_at as "updatedAt" from alm_settings a where a.kee = ? | params=SonarQube

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFV][sql] time=1ms | sql=INSERT INTO alm_settings ( uuid, kee, alm_id, url, app_id, private_key, pat, client_id, client_secret, created_at, updated_at ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? ) | params=AXcaf3Iby0q4-XpXyjLD, SonarQube, bitbucket, https://bitbucket.mydomain.com/, 12, 12, A2edasdkjalk2dA4dakdj21!124c1412+LaaaffW, 12, 12, 1611057295899, 1611057295899

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFW][o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-5,5,main] serves /api/alm_settings/list_definitions

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFW][sql] time=1ms | sql=select st.uuid as uuid, st.user_uuid as "userUuid", st.expiration_date as "expirationDate", st.created_at as "createdAt", st.updated_at as "updatedAt" from session_tokens st where st.uuid=? | params=AXcaJxhzy0q4-XpXyjKx

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFW][sql] time=0ms | sql=SELECT u.uuid as uuid, u.login as login, u.name as name, u.email as email, u.active as "active", u.scm_accounts as "scmAccounts", u.salt as "salt", u.crypted_password as "cryptedPassword", u.hash_method as "hashMethod", u.external_id as "externalId", u.external_login as "externalLogin", u.external_identity_provider as "externalIdentityProvider", u.user_local as "local", u.is_root as "root", u.onboarded as "onboarded", u.reset_password as "resetPassword", u.homepage_type as "homepageType", u.homepage_parameter as "homepageParameter", u.last_connection_date as "lastConnectionDate", u.created_at as "createdAt", u.updated_at as "updatedAt" FROM users u WHERE u.uuid=? | params=AXaV6Tzh4sr7wSvC2UBF

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFW][sql] time=1ms | sql=select gr.role from group_roles gr inner join groups_users gu on gr.group_uuid=gu.group_uuid where gr.component_uuid is null and gu.user_uuid=? union select gr.role from group_roles gr where gr.group_uuid is null and gr.component_uuid is null union select ur.role from user_roles ur where ur.user_uuid=? and ur.component_uuid is null | params=AXaV6Tzh4sr7wSvC2UBF, AXaV6Tzh4sr7wSvC2UBF

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFW][sql] time=0ms | sql=select a.kee as "key", a.uuid as "uuid", a.alm_id as "rawAlm", a.url as "url", a.app_id as "appId", a.private_key as "privateKey", a.pat as "personalAccessToken", a.client_id as "clientId", a.client_secret as "clientSecret", a.created_at as "createdAt", a.updated_at as "updatedAt" from alm_settings a

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFX][o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-3,5,main] serves /api/alm_settings/validate

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFX][sql] time=0ms | sql=select st.uuid as uuid, st.user_uuid as "userUuid", st.expiration_date as "expirationDate", st.created_at as "createdAt", st.updated_at as "updatedAt" from session_tokens st where st.uuid=? | params=AXcaJxhzy0q4-XpXyjKx

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFX][sql] time=0ms | sql=SELECT u.uuid as uuid, u.login as login, u.name as name, u.email as email, u.active as "active", u.scm_accounts as "scmAccounts", u.salt as "salt", u.crypted_password as "cryptedPassword", u.hash_method as "hashMethod", u.external_id as "externalId", u.external_login as "externalLogin", u.external_identity_provider as "externalIdentityProvider", u.user_local as "local", u.is_root as "root", u.onboarded as "onboarded", u.reset_password as "resetPassword", u.homepage_type as "homepageType", u.homepage_parameter as "homepageParameter", u.last_connection_date as "lastConnectionDate", u.created_at as "createdAt", u.updated_at as "updatedAt" FROM users u WHERE u.uuid=? | params=AXaV6Tzh4sr7wSvC2UBF

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFX][sql] time=0ms | sql=select gr.role from group_roles gr inner join groups_users gu on gr.group_uuid=gu.group_uuid where gr.component_uuid is null and gu.user_uuid=? union select gr.role from group_roles gr where gr.group_uuid is null and gr.component_uuid is null union select ur.role from user_roles ur where ur.user_uuid=? and ur.component_uuid is null | params=AXaV6Tzh4sr7wSvC2UBF, AXaV6Tzh4sr7wSvC2UBF

2021.01.19 14:54:55 TRACE web[AXcaJiCGDWNrLEaIAAFX][sql] time=1ms | sql=select a.kee as "key", a.uuid as "uuid", a.alm_id as "rawAlm", a.url as "url", a.app_id as "appId", a.private_key as "privateKey", a.pat as "personalAccessToken", a.client_id as "clientId", a.client_secret as "clientSecret", a.created_at as "createdAt", a.updated_at as "updatedAt" from alm_settings a where a.kee = ? | params=SonarQube

When I click the “check configuration” button;

2021.01.19 14:55:02 TRACE web[AXcaJiCGDWNrLEaIAAFY][o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-2,5,main] serves /api/alm_settings/validate

2021.01.19 14:55:02 TRACE web[AXcaJiCGDWNrLEaIAAFY][sql] time=1ms | sql=select st.uuid as uuid, st.user_uuid as "userUuid", st.expiration_date as "expirationDate", st.created_at as "createdAt", st.updated_at as "updatedAt" from session_tokens st where st.uuid=? | params=AXcaJxhzy0q4-XpXyjKx

2021.01.19 14:55:02 TRACE web[AXcaJiCGDWNrLEaIAAFY][sql] time=1ms | sql=SELECT u.uuid as uuid, u.login as login, u.name as name, u.email as email, u.active as "active", u.scm_accounts as "scmAccounts", u.salt as "salt", u.crypted_password as "cryptedPassword", u.hash_method as "hashMethod", u.external_id as "externalId", u.external_login as "externalLogin", u.external_identity_provider as "externalIdentityProvider", u.user_local as "local", u.is_root as "root", u.onboarded as "onboarded", u.reset_password as "resetPassword", u.homepage_type as "homepageType", u.homepage_parameter as "homepageParameter", u.last_connection_date as "lastConnectionDate", u.created_at as "createdAt", u.updated_at as "updatedAt" FROM users u WHERE u.uuid=? | params=AXaV6Tzh4sr7wSvC2UBF

2021.01.19 14:55:02 TRACE web[AXcaJiCGDWNrLEaIAAFY][sql] time=1ms | sql=select gr.role from group_roles gr inner join groups_users gu on gr.group_uuid=gu.group_uuid where gr.component_uuid is null and gu.user_uuid=? union select gr.role from group_roles gr where gr.group_uuid is null and gr.component_uuid is null union select ur.role from user_roles ur where ur.user_uuid=? and ur.component_uuid is null | params=AXaV6Tzh4sr7wSvC2UBF, AXaV6Tzh4sr7wSvC2UBF

2021.01.19 14:55:02 TRACE web[AXcaJiCGDWNrLEaIAAFY][sql] time=0ms | sql=select a.kee as "key", a.uuid as "uuid", a.alm_id as "rawAlm", a.url as "url", a.app_id as "appId", a.private_key as "privateKey", a.pat as "personalAccessToken", a.client_id as "clientId", a.client_secret as "clientSecret", a.created_at as "createdAt", a.updated_at as "updatedAt" from alm_settings a where a.kee = ? | params=SonarQube


Do you have any more logs in DEBUG level after the SQL queries?

I have set “TRACE” as log level. I wrote all the logs that came while I was testing. An extra different log was not received during the transactions.

I did not understand what to do with the logs. I don’t know how to fix this problem as it does not give me the information directing to me.

sonar.log.level.web=TRACE

Could you try this on the machine hosting SonarQube, to see if you can get more details?

Those are the calls made by SonarQube to test the connectivity:

curl -H "Authorization: Bearer " https://bitbucket.mydomain.com/rest/api/1.0/repos

curl -H "Authorization: Bearer A2edasdkjalk2dA4dakdj21!124c1412+LaaaffW" https://bitbucket.mydomain.com/rest/api/1.0/users

curl -H "Authorization: Bearer A2edasdkjalk2dA4dakdj21!124c1412+LaaaffW" https://bitbucket.mydomain.com/rest/api/1.0/repos

First of all, thank you for your support. I ran the tests quickly.

I’ll give additional information:
I use a few Atlassian products (Jira, Bitbucket, Confluence…). I connect Jira to Active Directory with ADFS (such as LDAPS). I also don’t open local users on Bitbucket and Confluence, and I inherit from Jira. Of course, I don’t know if that’s a problem, because I can do every operation on everything, just like a local user. Even the commands I test with curl, I do so with the token generated by my LDAP user. (I gave this information in case you needed it.)

  1. A lot of users were listed in the command, but I couldn’t see my own user. In addition, the listed users included users belonging to LDAP trust domains.

  2. The command listed projects and some repos, but I didn’t see them all. For example, the following section belongs to one of my main projects. There should be about 20 repos in it, but only 1 of them appears.

{"slug":"testcodesrepo","id":435,"name":"testcodesrepo","scmId":"git","state":"AVAILABLE","statusMessage":"Available","forkable":true,"project":{"key":"OCD","id":165,"name":"operation-center-dr","description":"Operation Center Dr Project","public":false,"type":"NORMAL","links":{"self":[{"href":"https://bitbucket.mydomain.com/projects/OCD"}]}},"public":false,"links":{"clone":[{"href":"ssh://git@bitbucket.mydomain.com:7999/ocd/testcodesrepo.git","name":"ssh"},{"href":"https://bitbucket.mydomain.com/scm/ocd/testcodesrepo.git","name":"http"}],"self":[{"href":"https://bitbucket.mydomain.com/projects/OCD/repos/testcodesrepo/browse"}]}},

[sonarqube]# pwd
/opt/sonarqube/conf

[sonarqube]# ls ../
bin certs conf COPYING data elasticsearch extensions lib logs temp web

[sonarqube]# ls
sonar.properties wrapper.conf

[root@sonarqubedc01 conf]# curl -H "Authorization: Bearer" https://bitbucket.mydomain.com/rest/api/1.0/repos

{"size":0,"limit":25,"isLastPage":true,"values":[],"start":0}

[root@sonarqubedc01 conf]# curl -H "Authorization: Bearer A2edasdkjalk2dA4dakdj21!124c1412+LaaaffW" https://bitbucket.mydomain.com/rest/api/1.0/users

{"size":25,"limit":25,"isLastPage":false,"values":[{"name":"__xxx.yyy","emailAddress":"xxx.yyy@anothordomain.com","id":955,"displayName":"XXX YYY | Test Compony","active":true,"slug":"__xxx.yyy","type":"NORMAL","links":{"self":[{"href":"https://bitbucket.mydomain.com/users/__xxx.yyy"}]}},
...

[root@sonarqubedc01 conf]# curl -H "Authorization: Bearer A2edasdkjalk2dA4dakdj21!124c1412+LaaaffW" https://bitbucket.mydomain.com/rest/api/1.0/repos

{"size":25,"limit":25,"isLastPage":false,"values":[{"slug":"accounting","id":400,"name":"Accounting","scmId":"git","state":"AVAILABLE","statusMessage":"Available","forkable":true,"project":{"key":"HO","id":223,"name":"XYZ Test","public":false,"type":"NORMAL","links":{"self":[{"href":"https://bitbucket.mydomain.com/projects/HO"}]}},
...

Yeah, thanks for running those tests. Everything is working as expected, I don’t see anything wrong here.

So the issue is clearly on SonarQube trying to connect Bitbucket. If the URL is correct, the Token is correct, and you have no connectivity issue, the only thing left to check is your SSL certificate. Is it self-signed?

Hi Pierre,

We use our wildcard certificate from Comodo. It’s open to all internet traffic. It is also available without adding a trust certificate. For example, we also use it extensively with Jenkins. (Jenkins is in a different domain, Bitbucket is in a different domain.) I think there is no problem in SSL.

But I don’t know what the problem is. :slight_smile:
I added new screenshots.

Hello there;

I need help. I don’t know what to do right now. I cannot use my application because I cannot connect my bitbucket.

Hostnames now need to be defined as a SubjectAlternativeName in a certificate. Some threads in this forum are related, here and here.

Hi Pierre;

I’m very sorry, but I have difficulty understanding and doing it. Please forgive me. I could not understand exactly what to do. Can you help by giving more details?

I have added my certificate to the existing truststore (crt, key and ca root). I created this truststore to use LDAPS. When I check it with the keytool command, I can verify my newly added certificate.

My SonarQube web address is sonarqube.mydomain1.com (Comodo wildcard SSL)
My Bitbucket web address is bitbucket.mydomain2.com (Comodo wildcard SSL)

I have defined the subdomain address of my bitbucket server domain for the sonarqube server. I made the same setting in the hosts file.

[root@sonarqubeserver ]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 sonarqube.mydomain1.com sonarqube.mydomain2.com
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
#192.168.1.3   sonarqube.mydomain1.com sonarqube.mydomain2.com

Previously, my server hostname was my SonarQube domain address. But now I’ve replaced the hostname domain with the one I use in Bitbucket.

[root@sonarqubeserver ]# hostname -A
sonarqube.mydomain2.com

I’m doing proxy forwarding with nginx.

  server {
    listen   *:443 ssl;
    server_name sonarqube.mydomain1.com sonarqube.mydomain2.com;

    ssl_certificate      /etc/nginx/ssl/mydomain1.crt;
    ssl_certificate_key  /etc/nginx/ssl/mydomain1.key;

    # allow large uploads of files
    client_max_body_size 2G;

    # optimize downloading files larger than 1G
    #proxy_max_temp_file_size 2G;

    location / {
      proxy_pass http://127.0.0.1:9000;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
    }
  }
}

I have done all these procedures but I cannot get a successful result.

You need to regenerate the SSL certificate to include specifically your domains as SubjectAlternativeName.

Hi Pierre,

I edited my SonarQube settings and I did the same with my Bitbucket domain. I have a wildcard certificate. I don’t understand why I need an extra SAN record.

I don’t use a free wildcard. When I check my certificate, I can see it has a SAN.

Subject Alternative Names: *.mydomain.com mydomain.com

Can this be a different problem, not related to the certificate?

I checked the site below and share the result as a screenshot.

Well, the SAN has to match the domain exactly. So you need a SAN entry with bitbucket.mydomain.com, matching precisely the endpoint that is going to be used by SonarQube to access Bitbucket.
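
The SAN matching discussed above, as an added example that is not part of the thread and is not SonarQube's or Java's own code: a hostname check in the RFC 6125 style that TLS clients commonly apply to a certificate's SAN list, run against the SAN entries and placeholder hostnames quoted in the thread. The names `san_covers`, `fetch_san` and `SAN_FROM_THREAD` are chosen for this illustration.

```python
import socket
import ssl


def san_covers(hostname, san_dns_names):
    """Return True if any SAN dNSName matches hostname (RFC 6125 style).

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label, so *.mydomain.com never covers another domain, a
    deeper subdomain, or the bare mydomain.com.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    for name in san_dns_names:
        san_labels = name.lower().rstrip(".").split(".")
        if len(san_labels) != len(host_labels):
            continue
        if san_labels[0] == "*" and len(san_labels) > 2:
            if san_labels[1:] == host_labels[1:]:
                return True
        elif san_labels == host_labels:
            return True
    return False


def fetch_san(host, port=443, timeout=5):
    """Return the DNS SAN entries of the certificate that host presents.

    The chain is still validated against the local CA store; only the
    hostname check is switched off so that a mismatching certificate can
    be inspected instead of aborting the handshake.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# SAN list quoted in the thread; the hostnames checked below are the
# placeholder names used in the thread, evaluated offline against that list.
SAN_FROM_THREAD = ["*.mydomain.com", "mydomain.com"]

if __name__ == "__main__":
    for endpoint in ("bitbucket.mydomain.com", "bitbucket.mydomain2.com",
                     "git.bitbucket.mydomain.com"):
        verdict = "covered" if san_covers(endpoint, SAN_FROM_THREAD) else "NOT covered"
        print(f"{endpoint}: {verdict}")
```

Run on the SonarQube host, `san_covers(url_host, fetch_san(url_host))` compares the configured Bitbucket URL's hostname with the certificate actually presented. Python validates the chain against the system CA store, whereas the SonarQube JVM uses its own truststore, so a clean result here does not rule out a truststore problem.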

Sorry for my late reply. I could just test it. I saw it working. I have added certificates with common name to bitbucket server. It finally worked!

Thank you very much for your support.
