Attempting to manage BitBucket via Terraform and got some ... oddities

A bit of a moan due to the difficulty in doing something that should be simple. If you’re a BitBucket client/user, then you may have the same sort of issue.

And so …

First of all, the lack of a supported Terraform Provider to BitBucket Cloud is really REALLY frustrating. Attempting to manage, manually, a hundred repositories which have a LOT of commonality, but not 100% is entirely a dumb way to do things. As a computer programmer, the idea that ANYONE should be pressing buttons without the work being verified, and passed to an IaC for deployment is sort of wrong. We automate stuff. That’s what we do.

Secondly, attempting to use GitHub - DrFaust92/terraform-provider-bitbucket: Terraform Bitbucket Cloud provider. and it, like many open source tools, moves when and how it wants. Sadly, not as actively maintained as I would want.

Thirdly, the API documentation for BitBucket Cloud doesn’t seem to match all the functionality of BitBucket Cloud Service.

For example, take this Deployment setup:


The 2 important elements here are the fact that only the master branch can be deployed to Production and only Admins can deploy. 2 fairly good damage prevention aspects for a pipeline.

But in the API documentation for Deployments (developer[dot]atlassian[dot]com/cloud/bitbucket/rest/api-group-deployments/#api-repositories-workspace-repo-slug-environments-post) doesn’t show the exact property in the “Additional Properties”.

In looking at the relevant code at terraform-provider-bitbucket/bitbucket/resource_deployment.go at c408e1316ef18b5024f03fdead44bdf5833d16f1 · DrFaust92/terraform-provider-bitbucket · GitHub shows there is 1 property known called “admin_only”. And that works fine.

But the BitBucket documentation is missing this and so now I have to make my own API call to find out what the result looks like. But now we are in ANOTHER issue.

developer[dot]atlassian[dot]com/cloud/bitbucket/rest/api-group-deployments/#api-repositories-workspace-repo-slug-deployments-deployment-uuid-get shows how to make the call, but doesn’t even include any of the additional properties in the output. So to actually use BitBucket API, I’m having to actually run things with the rights to make the calls which are not necessary for a developer. Whilst I am a full server admin with BitBucket, this is really not a pleasant experience. But … moving on … let’s make the call.

So, I first made the GET to get the full list. It showed the admin_only entry correctly:

      "restrictions": {
        "type": "deployment_restrictions_configuration",
        "admin_only": true

but no master branch restriction.

I tried the endpoint to ask for a single environment by adding the UUID to the the end of the get list (having worked out the %7B / %7D fuss).

And nothing extra there.

So the option in the UI is simply not present in the API.

I could understand if the branch restriction was for a higher paid service in some form, but considering the admin_only option IS for the “Premium” service, I’m seeing and controlling that via Terraform, I’d expect to be able to control the non premium element too. If not by the current DrFaust92’s provider, at least by a standard API call.

And this is just 1 property. How many more are missing from the API or documented inconsistently?

1 Like