Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-21531

Warn Bamboo admins when repository ssh keys are stored under a user account in Bitbucket Server or Data Center

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem Definition

      When a user creates a Bitbucket Server or Data Center repository configuration ssh keys are automatically created by Bamboo and the public ssh key uploaded to Bitbucket. In short, if the user has permissions to manage the repository in Bitbucket, the public key will be added to the repository. However, if the user doesn't have permissions to manage the repository (only to access it) the public key will be added to his/ her own profile under Manage account > SSH keys in Bitbucket.

      If the public key gets added to the user profile this might become a problem when that user is deactivated (i.e. user showing up as UNLICENSED) or deleted from Bitbucket. If the public key is not accessible anymore because the user is not available, Bamboo will fail to communicate to Bitbucket using that ssh key pair.

      A Bamboo admin could reach out to the user and ask them to remove the public key from their user account, and then re-save the repository configuration in Bamboo to add a new public key to the repository. The problem is that right now there's no way for a Bamboo admin to know that a certain repository configuration has its public key stored under someone's user account in Bitbucket and not the repository from the Bamboo UI.

      Suggested Solution

      Add a warning message inside the repository configuration in Bamboo to let Bamboo admins know that the repository has its public key under someone's user account in Bitbucket and that this might cause problems in the future in case that user account ever gets deactivated or deleted. This should prompt Bamboo admins to follow-up with the user who created the repository configuration so they can work together and promote the public key to the repository. Here's an example:

      1. Bamboo admin opens a plan-level repository configuration in Bamboo and sees a warning message reporting that the public key was stored under userA's account in Bitbucket.
      2. Bamboo admins follow-up with userA and asks the user to remove that repository's public key from his/ her account.
      3. userA removes the public key – repository configuration will now report the following error inside Bamboo:
      4. Bamboo admin re-saves the repository configuration forcing Bamboo to generate a new ssh key pair and add the public key to the repository in Bitbucket.
      5. From this moment on the public key is no longer associated to userA in Bitbucket so deactivating or deleting the user account won't prevent Bamboo from accessing the repository in Bitbucket.

      The user may have several public keys under his/ her user account. In order to identify the public key from the repository configuration you're viewing in Bamboo just expand the Advanced options and search for "Public key generated for this repository":

        1. Screenshot 2021-12-03 at 11.57.48.png
          Screenshot 2021-12-03 at 11.57.48.png
          363 kB
        2. Screenshot 2021-12-03 at 13.39.47.png
          Screenshot 2021-12-03 at 13.39.47.png
          72 kB

            [BAM-21531] Warn Bamboo admins when repository ssh keys are stored under a user account in Bitbucket Server or Data Center

            There are no comments yet on this issue.

              Unassigned Unassigned
              brosa Bruno Rosa
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: