Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-19906

Bamboo allows successful saving of a Bitbucket repository with trusted keys enabled and Bitbucket is untrusted

XMLWordPrintable

      Problem Description:

      When creating a Bitbucket Server repository with Trusted Keys enabled and Bitbucket hasn't been added to the list of trusted keys; in more recent versions of Bamboo it will report that the repository has been saved successfully. Older versions may prevent you from saving it with little information as to why without debug logging. Once you re-visit the repository after saving it, it will say there's a connection issue. Running the plan once in this state will result in a java.lang.IllegalArgumentException: Cannot read keypair exception.

      How to Reproduce:
      1. Go to Bamboo Administration >> Overview >> Security Settings and enable "Manage trusted keys"
      2. Don't add Bitbucket's SSH public key to the trusted key list.
      3. Create a Bitbucket Linked repository and save. It appears that the save is successful.
      4. Trigger the plan and it will error.
      Expected Result:

      When saving the repository, an error should be shown in the UI that Bitbucket's SSH public key is not trusted and the repository shouldn't be created or modified.

      Actual Result:

      The UI reports that it the repository has been saved successfully, when it should error since it hasn't been able to verify the SSH connection after posting the public key. The below is shown in the logs after saving the repository which is correct:

      2019-12-05 16:37:07,780 INFO [http-nio-8085-exec-4] [BitbucketServerServerConfigurator] Public key was added to Bitbucket Server (Bamboo user: bamboo, application: Bitbucket [https://localhost/bitbucket], location: repository PROJ/repo): ssh-rsa AAAAB3NzaC1yc2EAAAADA....W9wJlS7U0NakBt https://localhost/bamboo
2019-12-05 16:37:07,823 WARN [sshd-SshClient[6306d436]-nio2-thread-2] [ClientSessionImpl] exceptionCaught(ClientSessionImpl[git@localhost/127.0.0.1:7999])[state=Opened] SshException: Server key did not validate
2019-12-05 16:37:07,823 WARN [SSH connection monitoring thread:thread-10] [SshProxyCommand] SSH proxy tried to connect to [git@localhost/127.0.0.1:7999]: and failed due to the following error: [Host key not trusted by Bamboo]
com.atlassian.bamboo.ssh.UntrustedKeyException: Host key verification failed
	at com.atlassian.bamboo.plugins.ssh.SshProxyCommand.connectSession(SshProxyCommand.java:204)
	at com.atlassian.bamboo.plugins.ssh.SshProxyCommand.access$400(SshProxyCommand.java:42)
	at com.atlassian.bamboo.plugins.ssh.SshProxyCommand$2.call(SshProxyCommand.java:132)
	at com.atlassian.bamboo.executor.RetryingTaskExecutor.rerun(RetryingTaskExecutor.java:112)
	at com.atlassian.bamboo.executor.RetryingTaskExecutor.runTask(RetryingTaskExecutor.java:99)
	at com.atlassian.bamboo.executor.RetryingTaskExecutor.retry(RetryingTaskExecutor.java:207)
	at com.atlassian.bamboo.plugins.ssh.SshProxyCommand.lambda$start$0(SshProxyCommand.java:140)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
2019-12-05 16:37:07,858 INFO [http-nio-8085-exec-4] [BitbucketServerServerConfigurator] Can't authenticate with Bitbucket Server despite successful public key storage: ssh-rsa AAAAB3NzaC1yc2EAAAADA....W9wJlS7U0NakBt https://localhost/bamboo

      When running the plan, Bamboo is unable to checkout Bitbucket Repositories and throws the below error:

      2018-05-25 16:08:00,479 WARN [SSH connection monitoring thread:thread-4] [SshProxyCommand] SSH proxy tried to connect to [git@/xx.xx.xx.xx:7999]: and failed due to the following error: [Host key not trusted by Bamboo]
com.atlassian.bamboo.ssh.UntrustedKeyException: Host key verification failed
	at com.atlassian.bamboo.plugins.ssh.SshProxyCommand.connectSession(SshProxyCommand.java:204)
	at com.atlassian.bamboo.plugins.ssh.SshProxyCommand.access$400(SshProxyCommand.java:42)
	at com.atlassian.bamboo.plugins.ssh.SshProxyCommand$2.call(SshProxyCommand.java:132)
	at com.atlassian.bamboo.executor.RetryingTaskExecutor.rerun(RetryingTaskExecutor.java:112)
	at com.atlassian.bamboo.executor.RetryingTaskExecutor.runTask(RetryingTaskExecutor.java:99)
	at com.atlassian.bamboo.executor.RetryingTaskExecutor.retry(RetryingTaskExecutor.java:207)
	at com.atlassian.bamboo.plugins.ssh.SshProxyCommand.lambda$start$0(SshProxyCommand.java:140)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
2018-05-25 16:08:04,479 ERROR [6-DelayedChangeDetectionThread:pool-12-thread-1] [ChainExecutionManagerImpl] Errors getting changes for STP-BNTP-1
com.atlassian.bamboo.plugins.stash.repository.StashRepositoryException: com.atlassian.bamboo.repository.RepositoryException: java.lang.IllegalArgumentException: Cannot read keypair, it doesn't contain any line with '-----BEGIN'
	at com.atlassian.bamboo.plugins.stash.v2.BitbucketServerChangeDetector.collectChangesSinceRevision(BitbucketServerChangeDetector.java:31)
	at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectionChangesWithRetry(DefaultChangeDetectionManager.java:549)
	at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.lambda$createBuildRepositoryChanges$2(DefaultChangeDetectionManager.java:450)
	at com.atlassian.bamboo.variable.CustomVariableContextImpl.withVariableSubstitutor(CustomVariableContextImpl.java:185)
	at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectChangesSinceLastBuildInternal(DefaultChangeDetectionManager.java:412)
	at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectChangesSinceRevisions(DefaultChangeDetectionManager.java:266)
	at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectChangesSinceRevisions(DefaultChangeDetectionManager.java:200)
	at com.atlassian.bamboo.v2.trigger.DefaultChangeDetectionManager.collectAllChangesSinceLastBuild(DefaultChangeDetectionManager.java:153)
...
Caused by: com.atlassian.bamboo.repository.RepositoryException: java.lang.IllegalArgumentException: Cannot read keypair, it doesn't contain any line with '-----BEGIN'
	at com.atlassian.bamboo.plugins.git.v2.GitChangeDetector.collectChanges(GitChangeDetector.java:186)
	at com.atlassian.bamboo.plugins.git.v2.GitChangeDetector.collectChangesSinceRevision(GitChangeDetector.java:50)
	at com.atlassian.bamboo.plugins.stash.v2.BitbucketServerChangeDetector.collectChangesSinceRevision(BitbucketServerChangeDetector.java:27)
	... 47 more
Caused by: com.google.common.util.concurrent.UncheckedExecutionException: java.lang.IllegalArgumentException: Cannot read keypair, it doesn't contain any line with '-----BEGIN'
	at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2203)
	at com.google.common.cache.LocalCache.get(LocalCache.java:3937)
	at com.google.common.cache.LocalCache.getOrLoad(LocalCache.java:3941)
	at com.google.common.cache.LocalCache$LocalLoadingCache.get(LocalCache.java:4824)
	at com.atlassian.bamboo.collections.AlwaysInvalidatingCacheDecorator.get(AlwaysInvalidatingCacheDecorator.java:64)
	at com.atlassian.bamboo.collections.AlwaysInvalidatingCacheDecorator.getUnchecked(AlwaysInvalidatingCacheDecorator.java:125)
	at com.atlassian.bamboo.util.CallableResultCache.call(CallableResultCache.java:141)
	at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.getRemoteRefs(NativeGitOperationHelper.java:593)
	at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.resolveBranch(NativeGitOperationHelper.java:545)
	at com.atlassian.bamboo.plugins.git.NativeGitOperationHelper.obtainLatestRevision(NativeGitOperationHelper.java:644)
	at com.atlassian.bamboo.plugins.git.v2.GitChangeDetector.collectChanges(GitChangeDetector.java:131)
	... 49 more
Caused by: java.lang.IllegalArgumentException: Cannot read keypair, it doesn't contain any line with '-----BEGIN'
	at com.google.common.base.Preconditions.checkArgument(Preconditions.java:122)
	at com.atlassian.bamboo.plugins.ssh.ProxyConnectionDataBuilderImpl.withKeyFromReader(ProxyConnectionDataBuilderImpl.java:89)
      Workaround 1:
      1. Run the following command in the machine hosting Bamboo: 
        ssh-keyscan -t rsa -p 7999 bitbucket.hostname
      2. From the result, add the SSH key into Bamboo Administration >> Security >> Trusted keys
      3. Re-save the repository setting in Bamboo

            [BAM-19906] Bamboo allows successful saving of a Bitbucket repository with trusted keys enabled and Bitbucket is untrusted

            JIRA DNBCB added a comment -

            Thanks for the workaround provided Robhit.

            We shall follow the same and revert in case of any issues.

            Looking forward to the permanent fix.

             

            Regards

            Praveen

            JIRA DNBCB added a comment - Thanks for the workaround provided Robhit. We shall follow the same and revert in case of any issues. Looking forward to the permanent fix.   Regards Praveen

              851f15845f55 Mateusz Szmal
              rsaxena@atlassian.com Robhit Saxena (Inactive)
              Affected customers:
              1 This affects my team
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: