Skip to content

Feat: Added APIBaseURL Auth Parameter #345

Merged
ktrysmt merged 5 commits intoktrysmt:masterfrom
HauptJ:add-apibaseurl-auth-param
Feb 22, 2026
Merged

Feat: Added APIBaseURL Auth Parameter #345
ktrysmt merged 5 commits intoktrysmt:masterfrom
HauptJ:add-apibaseurl-auth-param

Conversation

@HauptJ
Copy link
Copy Markdown
Contributor

@HauptJ HauptJ commented Feb 17, 2026
edited
Loading

This is to support custom API Base URL hostnames being passed in, as Bitbucket Isolated Cloud will have unique API hostnames.

Adds the following Client builder functions that take in the API Base URL as a string variable.

  • NewOAuthbearerTokenWithBaseUrlStr()
  • NewOAuthbearerTokenWithBaseUrlStrCaCert
  • NewBasicAuthWithBaseUrlStr()
  • NewBasicAuthWithBaseUrlStrCaCert()

Resolves:
#346

@HauptJ
Added APIBaseURL Auth Param and tests for it
2337823 
Signed-off-by: Joshua Nathaniel Haupt <[email protected]>
@HauptJ HauptJ changed the title Added APIBaseURL Auth Parameter Feat: Added APIBaseURL Auth Parameter Feb 17, 2026
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist bot commented Feb 17, 2026

Summary of Changes

Hello @HauptJ, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the client's ability to connect to Bitbucket instances by allowing users to specify a custom API Base URL directly during client initialization. This change is crucial for supporting specialized Bitbucket deployments, such as Isolated Cloud, which may use unique hostnames. The modifications involve adding new client constructors, updating the internal authentication structure to store the custom URL, and refactoring the HTTP client setup for better isolation and security. The comprehensive test suite has also been refactored to align with these new capabilities and improve overall test reliability.

Highlights

  • Custom API Base URL Support: Introduced new client builder functions that allow specifying a custom API Base URL as a string parameter, catering to environments like Bitbucket Isolated Cloud.
  • Enhanced Client Initialization: Added apiBaseUrl field to the auth struct and refactored the injectClient function to prioritize explicitly provided base URLs over environment variables, improving flexibility.
  • Improved HTTP Client Configuration: Modified the appendCaCerts function to explicitly set MinVersion: tls.VersionTLS12 for TLS configurations and removed the modification of http.DefaultTransport, ensuring more isolated and secure client instances.
  • Refactored Test Suite: The entire test suite has been updated to utilize new, more robust setup functions (setupBasicAuthTest, SetupBearerToken, etc.) and environment variables for owner, repository, and access tokens, making tests more maintainable and adaptable to different configurations.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog
  • client.go
    • Renamed apiBaseUrl function to apiBaseUrlEnv to clarify its purpose of reading from environment variables.
    • Added MinVersion: tls.VersionTLS12 to TLS client configuration for enhanced security.
    • Removed direct modification of http.DefaultTransport in appendCaCerts to prevent global side effects.
    • Added apiBaseUrl *url.URL field to the auth struct to store custom base URLs.
    • Introduced new client constructor functions: NewOAuthbearerTokenWithBaseUrlStr, NewOAuthbearerTokenWithBaseUrlStrCaCert, NewBasicAuthWithBaseUrlStr, and NewBasicAuthWithBaseUrlStrCaCert.
    • Updated injectClient logic to prioritize the apiBaseUrl from the auth struct and handle HTTP client creation for CA certificates internally.
  • tests/branchrestrictions_test.go
    • Updated test functions (TestBranchRestrictionsKindPush, TestBranchRestrictionsKindRequirePassingBuilds, TestBranchRestrictionsGets) to use setupBasicAuthTest for client initialization.
    • Replaced direct owner and repo variables with ownerEnv and repoEnv for consistency with environment variable usage.
  • tests/client_test.go
    • Added new constants (EXPECTED_BASE_URL_STR, EXPECTED_BASE_URL_HOST, EXPECTED_BASE_URL_PORT, EXPECTED_TOKEN, EXPECTED_USERNAME, EXPECTED_PASSWORD) for test data.
    • Updated existing client tests to use the new constants.
    • Added new test cases (TestClientNewBasicAuthBaseUrlStr, TestClientNewBasicAuthBaseUrlStrCaCert, TestClientWithBearerTokenWithBaseUrlStrCaCert) to validate the new client constructors with custom base URLs and CA certificates.
  • tests/repository_access_token_test.go
    • Removed direct os.Getenv calls for access token, workspace, and repo slug.
    • Refactored TestAddGetandDeletePipelineVariableAccess to use SetupBearerToken.
    • Added TestAddGetandDeletePipelineVariableAccessWithTokenBaseUrlCaCert to test the new client constructor with base URL and CA certs.
    • Modified testApiCalls to accept bitbucket.Client and bitbucket.RepositoryPipelineVariableOptions directly, simplifying its signature.
  • tests/repository_test.go
    • Updated TestGetRepositoryRefs error message for clarity.
    • Updated TestListBranches to use setupBasicAuthTest for client initialization and ownerEnv/repoEnv for repository options.
  • tests/test_setup.go
    • Renamed global environment variables (user, pass, owner, repo) to userEnv, passEnv, ownerEnv, repoEnv and added accessTokenEnv, baseUrlStrEnv.
    • Introduced helper functions checkOwnerRepoSet, checkAccessTokenSet, checkBaseUrlStrSet for validating environment variables.
    • Replaced the generic setup function with specific setup functions: setupBasicAuthTest, SetupBearerToken, SetupBearerTokenWithBaseUrlStr, and SetupBearerTokenWithBaseUrlStrCaCert.
    • Enhanced SetupBearerTokenWithBaseUrlStrCaCert to dynamically fetch CA certificates if not provided, based on the base URL.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@HauptJ HauptJ force-pushed the add-apibaseurl-auth-param branch from 28204ec to 533f6ca Compare February 17, 2026 18:25
@HauptJ
Copy link
Copy Markdown
Contributor Author

HauptJ commented Feb 17, 2026

/gemini review

gemini-code-assist[bot]
gemini-code-assist bot reviewed Feb 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces the ability to specify a custom API Base URL for the Bitbucket client, crucial for environments like Bitbucket Isolated Cloud, and refines the handling of CA certificates. However, a security issue was identified in how the HTTP transport is configured when custom CA certificates are used, which could lead to proxy bypass and denial-of-service vulnerabilities. The implementation also includes new client constructor functions and a significantly refactored and expanded test suite.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Feb 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces the ability to specify a custom API Base URL for the Bitbucket client, which is crucial for environments like Bitbucket Isolated Cloud. New client builder functions have been added to support this, along with corresponding updates to the auth struct and injectClient logic. The test suite has been refactored to use new setup functions and environment variables for better consistency and error handling. Overall, the changes enhance the flexibility and robustness of the client. There are a few minor improvements suggested for error messages and test setup logic to prevent potential issues and improve clarity.

@HauptJ
Clone http.DefaultTransport and then modify its TLSClientConfig
ffcf00b 
Resolves: The http.Transport created here lacks important default settings such as timeouts (DialContext, TLSHandshakeTimeout), idle connection limits, and most importantly, ProxyFromEnvironment. This can lead to the client bypassing system-configured proxies and being vulnerable to denial-of-service attacks if the server is slow or malicious. It is recommended to clone http.DefaultTransport and modify its TLSClientConfig instead of creating a new one from scratch.

Signed-off-by: Joshua Nathaniel Haupt <[email protected]>
@HauptJ
Clone default transport and then append tls config
61e7162 
- Added t.Fatal for critical client build constructor failures in test_setup.go
- Cleaned up error messages

Signed-off-by: Joshua Nathaniel Haupt <[email protected]>
@HauptJ HauptJ force-pushed the add-apibaseurl-auth-param branch from aadb021 to 61e7162 Compare February 17, 2026 20:07
@HauptJ
Copy link
Copy Markdown
Contributor Author

HauptJ commented Feb 17, 2026

@ktrysmt this is ready for your review.

ktrysmt
ktrysmt approved these changes Feb 22, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@ktrysmt ktrysmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ktrysmt ktrysmt merged commit 7dfeaa5 into ktrysmt:master Feb 22, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ktrysmt ktrysmt ktrysmt approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@HauptJ @ktrysmt