feat(bitbucketdatacenter): allow service accounts to not require user setup #2726

Open
Ru13en wants to merge 1 commit into tektoncd:main from Ru13en:allow-project-repo-http-tokens

@Ru13en Ru13en commented May 13, 2026

📝 Description of the Change

Previously, using project or repository HTTP scoped tokens required configuring an associated user, even when the token already provided the necessary access context.
This PR removes the requirement to configure a user when using HTTP tokens from project and repository scopes.
It updates the authentication flow to rely directly on the scoped token context when only a token is provided.
Related validation and tests were adjusted accordingly.

🔗 Linked GitHub Issue

Fixes #2685

🧪 Testing Strategy

  • Unit tests
  • Integration tests
  • End-to-end tests
  • Manual testing
  • Not Applicable

🤖 AI Assistance

AI assistance can be used for various tasks, such as code generation,
documentation, or testing.

Please indicate whether you have used AI assistance
for this PR and provide details if applicable.

  • I have not used any AI assistance for this PR.
  • I have used AI assistance for this PR.

Important

Slop will simply be rejected. If you are using AI assistance, you need to make sure you
understand the code generated and that it meets the project's standards. You
need to at least know how to run the code and deploy it (if needed). See
startpaac to make it easy
to deploy and test your code changes.

If the majority of the code in this PR was generated by an AI, please add a Co-authored-by trailer to your commit message.
For example:

Co-authored-by: Claude <noreply@anthropic.com>

✅ Submitter Checklist

  • 📝 My commit messages are clear, informative, and follow the project's How to write a git commit message guide. The Gitlint linter ensures in CI it's properly validated
  • ✨ I have ensured my commit message prefix (e.g., fix:, feat:) matches the "Type of Change" I selected above.
  • ♽ I have run make test and make lint locally to check for and fix any
    issues. For an efficient workflow, I have considered installing
    pre-commit and running pre-commit install to
    automate these checks.
  • 📖 I have added or updated documentation for any user-facing changes.
  • 🧪 I have added sufficient unit tests for my code changes.
  • 🎁 I have added end-to-end tests where feasible. See README for more details.
  • 🔎 I have addressed any CI test flakiness or provided a clear reason to bypass it.
  • If adding a provider feature, I have filled in the following and updated the provider documentation:
    • GitHub App
    • GitHub Webhook
    • Gitea/Forgejo
    • GitLab
    • Bitbucket Cloud
    • Bitbucket Data Center


linux-foundation-easycla Bot commented May 13, 2026

CLA Signed
The committers listed above are authorized under a signed CLA.

  • ✅ login: Ru13en / name: Ruben Rodrigues (afb412f)

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the Bitbucket Data Center provider to allow authentication without an explicitly defined user by falling back to a direct repository URL request for token validation. Feedback from the review highlights a critical need for a nil check on the repository object to prevent runtime panics. Furthermore, the current error handling logic needs refinement to avoid malformed error strings when wrapping nil errors and to provide more accurate messaging when the user field is empty.

Comment on lines +317 to +318
var resp *scm.Response
var err error

critical

The repo pointer is used later in this function (at line 324) and indirectly via v.Client() (which records metrics using v.repo). If repo is nil, the application will panic when accessing repo.Spec.URL. A nil check should be added before proceeding with validation to ensure defensive programming and avoid runtime panics.

	if repo == nil {
		return fmt.Errorf("repository object is nil")
	}
	var resp *scm.Response
	var err error

Comment on lines 330 to 335
if resp != nil && resp.Status == http.StatusUnauthorized {
return fmt.Errorf("cannot get user %s with token: %w", event.Provider.User, err)
return fmt.Errorf("failed validation of user %s with provided token: %w", event.Provider.User, err)
}
if err != nil {
return fmt.Errorf("cannot get user %s: %w", event.Provider.User, err)
return fmt.Errorf("user validation failed with: %w", err)
}
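
Review bot: Only http.StatusUnauthorized is rejected in the first branch, so on a call path where err stays nil for error statuses, a 403 or 404 reply passes both checks and, as far as these lines show, the token is treated as validated. Consider rejecting every status of 400 or above (for example `resp.Status >= http.StatusBadRequest`) and including the status code in the message, so a scoped token without access to the repository fails validation with a clear reason.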

high

This error handling block has two issues:

  1. If resp.Status is http.StatusUnauthorized but err is nil (which occurs with raw v.Client().Do calls as they do not parse error bodies), using %w with a nil error produces the string %!w(<nil>).
  2. If event.Provider.User is empty (as allowed by this PR), the error messages "failed validation of user " and "user validation failed" are misleading; they should refer to token validation instead.
Suggested change
if resp != nil && resp.Status == http.StatusUnauthorized {
return fmt.Errorf("cannot get user %s with token: %w", event.Provider.User, err)
return fmt.Errorf("failed validation of user %s with provided token: %w", event.Provider.User, err)
}
if err != nil {
return fmt.Errorf("cannot get user %s: %w", event.Provider.User, err)
return fmt.Errorf("user validation failed with: %w", err)
}
if resp != nil && resp.Status == http.StatusUnauthorized {
msg := "failed validation of provided token"
if event.Provider.User != "" {
msg = fmt.Sprintf("failed validation of user %s with provided token", event.Provider.User)
}
if err != nil {
return fmt.Errorf("%s: %w", msg, err)
}
return fmt.Errorf("%s", msg)
}
if err != nil {
msg := "token validation failed"
if event.Provider.User != "" {
msg = "user validation failed"
}
return fmt.Errorf("%s with: %w", msg, err)
}

w.WriteHeader(http.StatusUnauthorized)
},
apiURL: "https://foo.bar",
wantErrSubstr: "failed validation of user with provided token: %!w(<nil>)",

high

The test expectation includes %!w(<nil>), which confirms that the implementation's error formatting is currently broken (it's trying to wrap a nil error using %w). This expectation should be updated to a meaningful message once the implementation is fixed to handle nil errors correctly.

Suggested change
wantErrSubstr: "failed validation of user with provided token: %!w(<nil>)",
wantErrSubstr: "failed validation of provided token",

}
if resp != nil && resp.Status == http.StatusUnauthorized {
return fmt.Errorf("cannot get user %s with token: %w", event.Provider.User, err)
return fmt.Errorf("failed validation of user %s with provided token: %w", event.Provider.User, err)
Contributor

small issue with error handling here — when event.Provider.User is empty (which is now allowed by this PR), and the HTTP request returns 401 but err == nil (which happens when the server responds with unauthorized but the request itself succeeded), this produces malformed error output like %!w(<nil>).

the test case at line 372 actually documents this bug:

wantErrSubstr: "failed validation of user  with provided token: %!w(<nil>)"

worth checking if err is nil before using %w, or restructuring the error messages to distinguish between:

  • "failed validation of user X with provided token" (when user is set)
  • "failed validation of token" (when only token is provided)

something like:

if resp != nil && resp.Status == http.StatusUnauthorized {
    if event.Provider.User != "" {
        return fmt.Errorf("failed validation of user %s with provided token: %w", event.Provider.User, err)
    }
    return fmt.Errorf("token validation failed: unauthorized")
}

Author

Error handling improved. Commit amended. Thanks for the suggestions
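
The failure mode discussed in this review thread, as an added example that is not code from this pull request or from the project: an HTTP client returns a nil error for a 401 reply, so formatting it with %w yields `%!w(<nil>)`. It goes beyond the 401 case by rejecting any status of 400 or above. `validateToken`, `ErrTokenRejected` and `stubTransport` are hypothetical names, and plain net/http stands in for the provider's scm client.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// ErrTokenRejected lets callers match rejections with errors.Is (hypothetical name).
var ErrTokenRejected = errors.New("token rejected")

// stubTransport answers every request with a fixed status; constructed, no network I/O.
type stubTransport struct{ status int }

func (s stubTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: s.status, Body: http.NoBody, Request: r}, nil
}

// brokenMsg repeats the pattern under review: %w is used even when err is nil.
func brokenMsg(user string, err error) string {
	return fmt.Errorf("failed validation of user %s with provided token: %w", user, err).Error()
}

// validateToken (hypothetical helper) treats any status >= 400 as a rejection
// and only wraps errors that are non-nil.
func validateToken(c *http.Client, url, user string) error {
	resp, err := c.Get(url)
	if err != nil {
		return fmt.Errorf("token validation request failed: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode < http.StatusBadRequest {
		return nil
	}
	subject := "provided token"
	if user != "" {
		subject = "user " + user + " with provided token"
	}
	return fmt.Errorf("failed validation of %s (HTTP %d): %w", subject, resp.StatusCode, ErrTokenRejected)
}

func main() {
	c := &http.Client{Transport: stubTransport{status: http.StatusUnauthorized}}
	fmt.Println(brokenMsg("", nil))
	fmt.Println(validateToken(c, "https://foo.bar/repo", ""))
}
```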

@Ru13en Ru13en force-pushed the allow-project-repo-http-tokens branch from 339d742 to 645ee48 May 13, 2026 20:51
@Ru13en Ru13en force-pushed the allow-project-repo-http-tokens branch from 645ee48 to afb412f May 13, 2026 20:53
@Ru13en Ru13en changed the title from "bitbucketdatacenter: allow service accounts to not require user setup" to "feat(bitbucketdatacenter): allow service accounts to not require user setup" May 13, 2026
@Ru13en Ru13en requested a review from mathur07 May 13, 2026 21:12
Contributor

@mathur07 mathur07 left a comment

Member

zakisk commented May 14, 2026

/ok-to-test

@codecov-commenter

Codecov Report

❌ Patch coverage is 85.71429% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.30%. Comparing base (c615efb) to head (afb412f).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
...rovider/bitbucketdatacenter/bitbucketdatacenter.go 85.71% 2 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2726      +/-   ##
==========================================
+ Coverage   59.25%   59.30%   +0.04%     
==========================================
  Files         208      208              
  Lines       20573    20604      +31     
==========================================
+ Hits        12191    12219      +28     
- Misses       7610     7612       +2     
- Partials      772      773       +1     
