Uploaded image for project: 'Bitbucket Cloud'
  1. Bitbucket Cloud
  2. BCLOUD-20121

Cannot create protected branches using the OAuth consumer belonging to the team account/workspace.

    XMLWordPrintable

Details

    Description

      Currently, it is not possible to create a protected branch(branch permission set up to restrict access to certain users only) using the API using the Team account/workspace OAuth credentials. We get BRANCH_PERMISSION_VIOLATED error.

      Steps to reproduce the error:

      • Create oAuth for the TEAM workspace atlas_team123
      • Create Access token using oAuth key and secret of atlas_team123 TEAM workspace 
        curl -X POST -u key:secret https://bitbucket.org/site/oauth2/access_token -d grant_type=client_credentials
      • Create repo_bbs repository in atlas_team123 TEAM account
      • Setup branch permission for release/* branch and give Administrators group only write access in atlas_team123/repo_bbs
      • Administrators group has only one individual account and not TEAM workspace atlas_team123
      • Make an API call to create a branch using the access token for atlas_team123 TEAM account  
        curl 'https://api.bitbucket.org/2.0/repositories/atlas_team123/repo_bbs/refs/branches' -A 'bitbucket-api-client/1.1' -H 'Content-Type: application/json' -H 'Accept: application/json' -H 'Authorization: Bearer xxxx' -X POST -d '{"name":"release\/20.20.20","target":{"hash":"master"}}'

        You will receive the below error

        {"data": {"key": "BRANCH_PERMISSION_VIOLATED"}, "type": "error", "error": {"message": "You are not allowed to create a branch that matches the pattern \"release/*\".", "data": {"key": "BRANCH_PERMISSION_VIOLATED"}}}$

      This is because we have a branch permission to restrict access to certain users only and team accounts/workspace cannot be added as users in the branch permission.

      Hence even though the team account/workspace is the owner of the repository the team account's OAuth cannot be used to create the restricted branch.

      This affects the customers as they need to add a service account to the group that has branch permission and use the service account's OAuth credentials to create the branch.

      It would be good to have the ability to use the team account/workspace OAuth instead.

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            dbhat@atlassian.com Dheeraj (Inactive)
            Votes:
            12 Vote for this issue
            Watchers:
            19 Start watching this issue

            Dates

              Created:
              Updated: