Details
-
Suggestion
-
Resolution: Done
-
None
-
3
-
Description
Issue Summary
One of our customers would like to integrate Bitbucket with Jenkins. For the official Atlassian Jenkins plugin, they do need a personal access token. Their company policy to only allow for each Jenkins job to access exactly the assigned Bitbucket project. Thus, they would like to place a request a feature to create a Project Access Token as existing Personal Access Token does not meet their requirements.
If Bitbucket has a Project Access Token, the token is only assigned to a project and allows Jenkins to access the repo and the API to signal the build status to Bitbucket.
Steps to Reproduce
- Create a Personal Access Token to user ziegler_f1
- Give access to project 1, project 2, project 3
- Add a Jenkins job for project 2 and would use the token of ziegler_f1
Expected Results
Each Jenkins job should only able to access the assigned Bitbucket project.
Actual Results
Everybody who has access to Jenkins jobs of project 2 would also be possible to access project 1 and project 2, even if they are not allowed to.
Workaround
A solution would only be to create a project-specific use, e.g. user project_1 and create a token for this user. But this would mean that the user needs named users per project which is too expensive.
Note:
The customer did some further tests with their current setup. They fear that also a project dependent access token would not really solve the problem because it has to be configured in Jenkins in a system-wide area while using the Atlassian Bitbucket Server Integration plugin.
Currently, they do not see any chance for the integration of Bitbucket with Jenkins in an enterprise environment.
Attachments
Issue Links
- is related to
-
BSERV-12209 Implement an SSH Support for Pull Request
- Gathering Interest