bitbucket: Support Basic Auth (#2045)

* bitbucket: Support Basic Auth

* Rename username to user

* Document user/password options

* Rename username to workspace

* Deprecate username

* Fix credentials_required error_message

* Fix credentials_required error_message

* Test user/password/workspace options and env vars

* Update a test to use user/password/workspace for each module

* Fix check auth arguments

* Use required_one_of/required_together

* Fix required typo

* Fix fetch_access_token

* Fix tests 🤞

* Switch things up in test_bitbucket_access_key

* Fix username/password are None

* Remove username/password properties, use params directly

* Update plugins/doc_fragments/bitbucket.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/source_control/bitbucket.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/source_control/bitbucket.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/source_control/bitbucket.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/source_control/bitbucket/bitbucket_access_key.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/source_control/bitbucket/bitbucket_pipeline_key_pair.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/source_control/bitbucket/bitbucket_pipeline_known_host.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/source_control/bitbucket/bitbucket_pipeline_known_host.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/source_control/bitbucket/bitbucket_pipeline_variable.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/source_control/bitbucket/bitbucket_pipeline_variable.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/source_control/bitbucket/bitbucket_access_key.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/source_control/bitbucket/bitbucket_pipeline_key_pair.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Document OAuth/Basic Auth precedence

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Remove no_log=False from user argument

* Add changelog fragment

* Correct wording and formatting in changelog

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update changelogs/fragments/2045-bitbucket_support_basic_auth.yaml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>

plugins/module_utils/source_control/bitbucket.py

@@ -15,13 +15,6 @@ from ansible.module_utils.urls import fetch_url, basic_auth_header
 class BitbucketHelper:
     BITBUCKET_API_URL = 'https://api.bitbucket.org'
 
-    error_messages = {
-        'required_client_id': '`client_id` must be specified as a parameter or '
-                              'BITBUCKET_CLIENT_ID environment variable',
-        'required_client_secret': '`client_secret` must be specified as a parameter or '
-                                  'BITBUCKET_CLIENT_SECRET environment variable',
-    }
-
     def __init__(self, module):
         self.module = module
         self.access_token = None
@@ -29,35 +22,40 @@ class BitbucketHelper:
     @staticmethod
     def bitbucket_argument_spec():
         return dict(
-            client_id=dict(type='str', no_log=True, fallback=(env_fallback, ['BITBUCKET_CLIENT_ID'])),
+            client_id=dict(type='str', fallback=(env_fallback, ['BITBUCKET_CLIENT_ID'])),
             client_secret=dict(type='str', no_log=True, fallback=(env_fallback, ['BITBUCKET_CLIENT_SECRET'])),
+            # TODO:
+            # - Rename user to username once current usage of username is removed
+            # - Alias user to username and deprecate it
+            user=dict(type='str', fallback=(env_fallback, ['BITBUCKET_USERNAME'])),
+            password=dict(type='str', no_log=True, fallback=(env_fallback, ['BITBUCKET_PASSWORD'])),
         )
 
-    def check_arguments(self):
-        if self.module.params['client_id'] is None:
-            self.module.fail_json(msg=self.error_messages['required_client_id'])
+    @staticmethod
+    def bitbucket_required_one_of():
+        return [['client_id', 'client_secret', 'user', 'password']]
 
-        if self.module.params['client_secret'] is None:
-            self.module.fail_json(msg=self.error_messages['required_client_secret'])
+    @staticmethod
+    def bitbucket_required_together():
+        return [['client_id', 'client_secret'], ['user', 'password']]
 
     def fetch_access_token(self):
-        self.check_arguments()
+        if self.module.params['client_id'] and self.module.params['client_secret']:
+            headers = {
+                'Authorization': basic_auth_header(self.module.params['client_id'], self.module.params['client_secret']),
+            }
 
-        headers = {
-            'Authorization': basic_auth_header(self.module.params['client_id'], self.module.params['client_secret'])
-        }
+            info, content = self.request(
+                api_url='https://bitbucket.org/site/oauth2/access_token',
+                method='POST',
+                data='grant_type=client_credentials',
+                headers=headers,
+            )
 
-        info, content = self.request(
-            api_url='https://bitbucket.org/site/oauth2/access_token',
-            method='POST',
-            data='grant_type=client_credentials',
-            headers=headers,
-        )
-
-        if info['status'] == 200:
-            self.access_token = content['access_token']
-        else:
-            self.module.fail_json(msg='Failed to retrieve access token: {0}'.format(info))
+            if info['status'] == 200:
+                self.access_token = content['access_token']
+            else:
+                self.module.fail_json(msg='Failed to retrieve access token: {0}'.format(info))
 
     def request(self, api_url, method, data=None, headers=None):
         headers = headers or {}
@@ -66,6 +64,10 @@ class BitbucketHelper:
             headers.update({
                 'Authorization': 'Bearer {0}'.format(self.access_token),
             })
+        elif self.module.params['user'] and self.module.params['password']:
+            headers.update({
+                'Authorization': basic_auth_header(self.module.params['user'], self.module.params['password']),
+            })
 
         if isinstance(data, dict):
             data = self.module.jsonify(data)