[BCLOUD-23498] Provide a special privileged user who can call the Bitbucket API from the build pipeline with IP restrictions, bypassing those restrictions.

Type: Suggestion
Resolution: Unresolved
Component/s: Workspace - Permissions
Labels:
None

Feedback Policy:

Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

When trying to call the Bitbucket API from the build pipeline of a repository in a workspace with IP restrictions, We get an error saying, "To access this repository, an admin must whitelist your IP," and I'm unable to call the API.

e.g)
https://developer.atlassian.com/cloud/bitbucket/rest/api-group-pullrequests/#api-repositories-workspace-repo-slug-pullrequests-post

We can work around this issue by setting the step option size to 4x or 8x, enabling "atlassian-ip-ranges," and adding the IP addresses listed in the documentation to the workspace's allowlist.

But allowing outbound IPs used by Bitbucket Pipelines poses a risk: if the repository access token is leaked, others could potentially access it from their own Bitbucket Pipelines using 4x or 8x sizes.

To mitigate this risk, it would be helpful to have special permissions that allow actions on the repository running the Bitbucket Pipelines, even if those actions aren't included in the IP whitelist.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List

スクリーンショット 2024-11-29 14.54.58.png
173 kB
29/Nov/2024 7:38 AM

There are no comments yet on this issue.

Assignee:: Unassigned

Reporter:: M.Shimizu

Votes:: 6 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 29/Nov/2024 7:33 AM

Updated:: 1 week ago 9:52 AM

Bitbucket Cloud

Details

Description

Attachments

Attachments

Forms

Activity

People

Dates