
API and Git operations made within Pipelines build is blocked by IP whitelisting

      Issue Summary

      At this time, if a user clones another repository from the same workspace in Pipelines with IP whitelisting enabled, they are required to whitelist the whole IP range that belongs to Bitbucket Pipelines. Considering that both repositories in question belong to the same premium workspace, can't the IP whitelisting feature be overridden in such cases? Or could there be an option to whitelist just a set of repositories?

      Steps to Reproduce

      • Enable IP whitelisting on the workspace 'ABC'
      • Go to repo 'A' and configure Pipelines to clone the repo 'B'. Both repos 'A' and 'B' belong to workspace 'ABC'
      • The pipeline will error out with the following error: "To access this repository, an admin must whitelist your IP."

      Expected Results

      • Both repositories are part of the same workspace, therefore cloning another repo from the same workspace should be allowed and the IP whitelisting check should be overridden.

      Actual Results

      • The user is required to add the Bitbucket pipelines IP range to the IP whitelisting section before cloning another repo within pipelines on the same workspace.

      Workaround

      • Add the Bitbucket Pipelines IP range to the IP whitelisting section

       

            [BCLOUD-19689] API and Git operations made within Pipelines build is blocked by IP whitelisting


            Carl Cook added a comment -

            Just to add some more details here, it looks like the list of addresses recently changed. For us, the first symptom was a broken pipeline, and it took a long time to trace this back to changed internal IP addresses within Atlassian (and no notification of changed IP addresses).

            There has to be a better way!


            Carl Cook added a comment -

            Hi all, is there any update on this?

            Adding 15 IP addresses to the IP Whitelist is a very hard sell for our company, it's quite a security risk. We require private repos, and the submodules we use are also within the same workspace. It seems odd that we have to whitelist external IP addresses (from my company's perspective) to make the build pipeline work.


            Jeroen De Raedt added a comment -

            One thing here to consider is that adding the Pipelines IP range to the whitelist would kinda defeat the purpose of the whitelist. Effectively it would grant all Pipelines builds access (at least visibility) to the workspace - which the whitelisting tries to avoid.
            This may be acceptable for some customers that use whitelisting, but others might prefer the whitelisting to be respected in a more strict manner.

            James Szklarz (Inactive) added a comment - I've raised a bug for this here https://softwareteams.atlassian.net/browse/BBCFR-1460
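
A scheduled check along these lines would surface the situation described in the comments above (the address list changing with no notification) before a build fails. It is an added example, not part of the issue or Atlassian's code; both input lists are constructed from documentation address ranges, and how the current published ranges are obtained is left outside the example.

```python
import ipaddress
import sys

# Constructed sample data (documentation ranges, not real Pipelines addresses).
# ALLOWLISTED_FOR_CI: only the allowlist entries that were added for the CI service.
ALLOWLISTED_FOR_CI = ["192.0.2.10/32", "192.0.2.11/32", "198.51.100.0/28"]
# PUBLISHED: the ranges the CI service currently documents for its build traffic.
PUBLISHED = ["192.0.2.10/32", "198.51.100.4/32", "203.0.113.7/32"]


def parse(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c.strip(), strict=True) for c in cidrs if c.strip()]


def allowlist_drift(allowlisted, published):
    """Return (missing, stale) as sorted lists of CIDR strings.

    missing: published ranges that no allowlist entry fully covers, so
             builds leaving from them will be rejected.
    stale:   allowlist entries that overlap no published range, so they
             admit addresses the CI service no longer uses.
    """
    allow, pub = parse(allowlisted), parse(published)
    missing = [p for p in pub
               if not any(a.version == p.version and p.subnet_of(a) for a in allow)]
    stale = [a for a in allow
             if not any(a.version == p.version and a.overlaps(p) for p in pub)]
    return sorted(map(str, missing)), sorted(map(str, stale))


if __name__ == "__main__":
    missing, stale = allowlist_drift(ALLOWLISTED_FOR_CI, PUBLISHED)
    for cidr in missing:
        print(f"MISSING from allowlist (builds will be blocked): {cidr}")
    for cidr in stale:
        print(f"STALE allowlist entry (remove): {cidr}")
    # Non-zero exit lets a scheduler or monitoring job alert on any drift.
    sys.exit(1 if missing or stale else 0)
```

A clean result only means the allowlist matches the published ranges; as noted in the comment above, those ranges are shared by all Pipelines builds, so the entries remain broader than the workspace itself.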

              Unassigned
              ssingh4 Saurabh Singh (Inactive)
              Affected customers: 19
              Watchers: 28