Uploaded image for project: 'Bitbucket Data Center'
  1. Bitbucket Data Center
  2. BSERV-9954

When adding an Access Key to a Project and granting it a Branch Permissions exception, pushes using that key are denied

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Medium Medium
    • 5.3.0, 5.1.5, 5.2.3
    • 5.1.0, 5.2.1
    • None
    • None

      Summary

      When adding an Access Key to a Project and granting it a Branch Permissions exception, pushes using that key are denied

      Environment

      • Linux server

      Steps to Reproduce

      1. Create a Project Test Project.
      2. Create a Repository in Test Project called test-repository.
      3. Create 2 branches in test-repository, master and test.
      4. Add an access key to Test Project with Read/Write access.
      5. Add the Branch Permission to Test Project for master: "Prevent Changes without a pull request" with an exception for the access key.
      6. Push commits to the test branch in test-repository.

      Expected Results

      Pushes to test are successful.

      Actual Results

      The push fails with:

      remote: Communication breakdown with Bitbucket.
To <Server URL>/tp/test-repository.git
 ! [remote rejected] test -> test (pre-receive hook declined)
error: failed to push some refs to <Server URL>/tp/test-repository.git'

      The below exception is thrown in the atlassian-bitbucket.log file:

      2017-07-24 15:30:50,900 WARN  [threadpool:thread-3] 1161040a8c3b3f23 @1YWEVGEx930x824x0 pyx
zkp 192.168.0.1 SSH - git-receive-pack '/tp5/shared-repository.git' c.a.s.i.h.r.DefaultRepo
sitoryHookService [TP5/shared-repository[1]] Error calling com.atlassian.stash.internal.rep
ository.ref.restriction.RestrictionEnforcer.preUpdate (com.atlassian.bitbucket.server.bitbu
cket-ref-restriction:restrictionEnforcerHook)
com.atlassian.bitbucket.AuthorisationException: You are not permitted to access this resource
...
Caused by: org.springframework.security.access.AccessDeniedException: Access is denied

      2017-07-24 15:30:50,901 INFO  [threadpool:thread-3] 1161040a8c3b3f23 @1YWEVGEx930x824x0 pyx
zkp 192.168.0.1 SSH - git-receive-pack '/tp5/shared-repository.git' c.a.s.i.h.r.DefaultRepo
sitoryHookService [TP5/shared-repository[1]] hook 'restrictionEnforcerHook' vetoed the push
 request
2017-07-24 15:30:50,911 WARN  [threadpool:thread-3]  c.a.s.i.hook.DefaultHookService Hook s
ocket I/O failed before the repository/hook could be identified
org.springframework.transaction.UnexpectedRollbackException: Transaction rolled back becaus
e it has been marked as rollback-only

      Workaround

      Create a generic user account and associate the SSH key with the account.

              fdoherty@atlassian.com Frank Doherty
              abromberg Aaron Bromberg (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: