🪣 Bitbucket Server PAT Generator

Overview

🪣 Bitbucket Server PAT Generator

🤝 Introduction

Bitbucket Server (nee Stash) can hand out Personal Access Tokens (PAT) to be used in-place of user+password authentication.

When machine (rather than human) access to Stash is required, ideally it should be via short-lived credentials. This GitHub Action will take user+password credentials, and use them to generate a PAT. Your GitHub Actions workflow should then use the PAT whenever authenticating to Stash.

Wait. What? 🤔

Why would you use a PAT if you have a user+password already?

Ideally this GitHub Action is used in conjunction with Hashicorp Vault, which will automatically rotate the Stash user's password (e.g. using the AD secrets engine). This means during an execution of a (relatively long running) GitHub Actions workflow, the password could change from the value originally obtained from Vault.

Obtaining a PAT allows us to avoid this issue, since the PAT will not be rotated (or used again).

Not perfect

This isn't the perfect way to go about getting a PAT from Stash for GitHub Actions when Vault is in the mix. The ideal solution is to create a new Vault secrets engine that would connect to Stash directly and generate the PAT. This would simplify the implementation on the GitHub Actions side, since you could just use the Hashicorp Vault Action.

We have chosen not to create a new Vault secrets engine, as we could deliver this GitHub Action more quickly and simply (as opposed to creating, building, publishing and installing a Vault plugin).

📄 Use

⌨️ Example

      - name: Get creds from Vault
        id: vault
        uses: hashicorp/[email protected]
        with:
          url: https://vault.example.org/
          method: jwt
          exportEnv: false
          secrets: |
              ad/creds/svc_github_stash username | username ;
              ad/creds/svc_github_stash current_password | password

      - name: Get PAT for Stash
        id: stash
        uses: reecetech/[email protected]
        with:
          base_url: https://stash.example.org/
          username: ${{ steps.vault.outputs.username }}
          password: ${{ steps.vault.outputs.password }}

      - name: Clone repo from Stash
        uses: reecetech/[email protected]
        with:
          url: https://stash.example.com/scm/example/repo.git
          username: ${{ steps.vault.outputs.username }}
          password: ${{ steps.stash.outputs.pat }}

📥 Inputs

🚧 To be completed

name description required default

📤 Outputs

name description
username The username to connect to Stash
pat The personal access token to use to connect to Stash
pat_id The ID of the PAT which can be used to revoke the token

🚧 Limitations

Currently the Action will only generate PATs with REPO_WRITE and PROJECT_WRITE permissions. Further contributions are required to support either read-only or admin PATs.

💕 Contributing

Please raise a pull request, but note the testing tools below

pylint

pylint is used to lint the Python code

See: https://pylint.org/

You might also like...
Dns-Client-Server - Dns Client Server For Python

Dns-client-server DNS Server: supporting all types of queries and replies. Shoul

A Python Discord bot project generator

Heater Heat up a Discord bot in a blink What is Heater? Heater is a Command Line Interface tool which allows you to generate a barebones Python Discor

Discord Token Generator of a project - Some stupids ppl are trying to leak it so i'm leaking faster :)

Original creator: Rolf (dort) HCaptcha Bypasser: h0nde Shark.Solar Discord Token Generator of a project - Some stupids ppl are trying to leak it so i'

🦊 Powerfull Discord Nitro Generator
🦊 Powerfull Discord Nitro Generator

🦊 Follow me here 🦊 Discord | YouTube | Github ☕ Usage 💻 Downloading git clone https://github.com/KanekiWeb/Nitro-Generator/new/main pip insta

An hcaptcha-solving discord account generator; capable of randomizing names, profile pictures, and verifying phone numbers.

discord-account-generator An hcaptcha-solving discord account generator; capable of randomizing names, profile pictures, and verifying phone numbers.

Simple Instagram Login Link Generator

instagram-account-login Simple Instagram Login Link Generator Info Program generates instagram login links and you may get into someone´s thought the

A httpx token generator for discord [ hcaptcha bypass ]

Discord-Token-Generator-Yazato A httpx token generator for discord This generator was developed by Aced#0001, Dreamy Tos Follower#0001, Scripted#0131

A simple Facebook Account generator, written in python (needs different Email so Accounts do not get banned)

FacebookAccountGenerator FAB is a Facebook-Account generating script, written in python Installation Use the package manager pip to install selenium p

📅 Calendar file generator for triathlonlive.tv upcoming events

Triathlon Live Calendar Calendar file generator for triathlonlive.tv upcoming events. Install Requires Python 3.9.4 and Poetry. $ poetry install Runni

Comments
  • Optional docker running

    Optional docker running

    This should speed builds, since consuming workflows will not pre-build the docker image whether the action is invoked or not (which most of the time at Reece it will not be invoked, since it's behind an if) - saving ~25s every build!

    The drawback is that composite actions have no ability to have a post stage - and thus automatic clean up of PATs will no longer occur

    The workaround for the drawback is to explicitly revoke the token in the consuming workflow

    opened by ps-jay 0
  • Dockerising action

    Dockerising action

    Using Docker for running the action. This is mainly to get around with incompatibility issues with Python setup on Amazon Linux.

    (We may need to revise whether we need to stick with AL for runners later, which doesn't seem to be a supported architecture)

    opened by asangas 0
  • Bump certifi from 2022.9.24 to 2022.12.7

    Bump certifi from 2022.9.24 to 2022.12.7

    Bumps certifi from 2022.9.24 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies 
    opened by dependabot[bot] 0
Releases(2022.11.5)
Owner
reecetech
reecetech
Plazmix API wrapper for Python

An optimised, easy to use Plazmix API wrapper written in Python

Someone 2 Nov 16, 2021
A bot written in python that send prefilled Google Forms. It supports multithreading for faster execution time.

GoogleFormsBot https://flassy.xyz https://github.com/Shawey/GoogleFormsBot Requirements: os (Default) ast (Default) threading (Default) configparser (

Shawey 1 Jul 10, 2022
Framework for creating and running trading strategies. Blatantly stolen copy of qtpylib to make it work for Indian markets.

_• Kinetick Trade Bot Kinetick is a framework for creating and running trading strategies without worrying about integration with broker and data str

Vinay 41 Dec 31, 2022
聚合空间测绘搜索(Fofa,Zoomeye,Quake,Shodan,Censys,BinaryEdge)

#Search-Tools Search-Tools集合比较常见的网络空间探测引擎 Fofa,Zoomeye,Quake,Shodan,Censys,BinaryEdge 简单说明 ICO搜索目前只有Fofa,Shodan,Quake支持 代理设置是防止在API请求过于频繁,或者在实战中,好多红队打

311 Dec 16, 2022
Erhalten Sie wichtige Warnmeldungen des Bevölkerungsschutzes für Gefahrenlagen wie zum Beispiel Gefahrstoffausbreitung oder Unwetter per Programmierschnittstelle.

nina-api Erhalten Sie wichtige Warnmeldungen des Bevölkerungsschutzes für Gefahrenlagen wie zum Beispiel Gefahrstoffausbreitung oder Unwetter per Prog

Bundesstelle für Open Data 68 Dec 19, 2022
A Powerful Telethon Based Telegram Spam Bot.

Yukki Multi Spam Bot 🚀 Deploy on Heroku You can Use these API ID and API HASH while deploying String Session No Requirement of API ID and API HASH Ge

46 Dec 23, 2022
Python Tool To Get The Date That Your Account Joined Instagram

Date-Joined-Insta Python Tool To Get The Date That Your Account Joined Instagram You Dont Need To Login Just Enter The UserName If Id Did Not Work Ins

A B D U L L A H . 1 Dec 21, 2021
A discord bot that utilizes Google's Rest API for Calendar, Drive, and Sheets

Bott This is a discord bot that utilizes Google's Rest API for Calendar, Drive, and Sheets. The bot first takes the sheet from the schedule manager in

1 Dec 04, 2021
A discord bot made by the community (uses python)

discord community bot context: this is a discord bot made by the community by community i mean people adding commands to the bot or changing the bot b

TR ASH 0 Oct 11, 2022
Simple Telegram Bot to Download and Upload Files From Mega.nz

Mega.nz-Bot Simple Telegram Bot to Download Files From Mega.nz and Upload It to Telegram Features All Mega.nz File Links supported No login required A

I'm Not A Bot #Left_TG 245 Jan 01, 2023
Easily report Instagram pages and close the page

Program Features - 📌 Delete target post on Instagram. - 📌 Delete Media Target post on Instagram - 📌 Complete deletion of the target account on Inst

hack4lx 11 Nov 25, 2022
Deleting someone else's Instagram account, repeat until the target account is blocked.

Program Features 📌 Instagram report V4. 📌 Coded with the latest version of Python. 📌 Has automatic scheduling. 📌 Full account report. 📌 Report a

hack4lx 16 Oct 25, 2022
Async client API for the Telegram Group Calls

PyTgCalls This project allow to make Telegram group call with MTProto Api using Pyrogram and WebRTC, this is possible thanks to the power of NodeJS's

185 Jan 03, 2023
Create light scenes , voice control, ifttt, fuzzywuzzy speech correction and much more with Tuya light bulbs.

LightBox Features: Auto discover tuya lights Set and create moods (aka: light profiles) Change moods via IFTTT List moods via IFTTT FuzzyWuzzy, speech

Robert Nagtegaal 1 Dec 20, 2021
Personal Discord Python Bot based on Discord.py

Personal Discord bot using the discord.py library by Rapptz

2 Dec 14, 2022
Cloud-optimized, single-file archive format for pyramids of map tiles

PMTiles PMTiles is a single-file archive format for tiled data. A PMTiles archive can be hosted on a commodity storage platform such as S3, and enable

Protomaps 325 Jan 04, 2023
this repo store a Awoesome telegram bot for protect from your large group from bot attack.

this repo store a Awoesome telegram bot for protect from your large group from bot attack.

Mehran Alam Beigi 2 Jul 22, 2022
A discord bot providing notifications of player activity on a minecraft server.

tos-alert A discord bot providing notifications of player activity on a minecraft server. Setup By default the app does not launch and will crash with

1 Jul 22, 2022
Dados Públicos de CNPJ disponibilizados pela Receita Federal do Brasil

Dados Públicos CNPJ Fonte oficial da Receita Federal do Brasil, aqui. Layout dos arquivos, aqui. A Receita Federal do Brasil disponibiliza bases com o

Aphonso Henrique do Amaral Rafael 102 Dec 28, 2022