Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Bitbucket Pipeline Reports - Using API to create reports for a private repo with ip whitelist Edited

Is it possible to use the Bitbucket Cloud API to create reports for a private repository that has an IP whitelist? I have a java app that runs in a pipeline which attempts to create a report and add annotations but I get whitelist errors. i.e.

{"type": "error", "error": {"message": "To access this commit, an admin must whitelist your IP."}}

 

I cannot add Bitbucket's IP addresses (https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/)  to our whitelist because everyone with a bitbucket account and pipelines would have access to our repository.

Is there some form of a work around?

2 answers

Still looking for a work around for this, if anyone has any ideas

0 votes
mkleint Atlassian Team Jul 06, 2021

There is no simple solution with the constraints you outlined I'm afraid.

Things to consider with IP whitelist is that even if you allow all pipelines IPs to the whitelist it does not automatically mean that anyone with a Pipelines build can access your repository, your build or your data in general. The usual authentication/permission limits apply.

A working solution that avoids adding pipelines IPs to the whitelist would require additional infrastructure on your side to facilitate the proper filtering.

1. a pipeline build would post the report API call to certain proxy website that you own and that is within the IP ranges allowed to contribute to the repository/workspace in question.

2. such a proxy would have to be accessible from the pipelines IP ranges and would require authentication with OIDC token we issue for individual steps running inside pipelines.

See https://support.atlassian.com/bitbucket-cloud/docs/integrate-pipelines-with-resource-servers-using-oidc/ intro into OIDC in bitbucket pipelines.

3. your proxy server would verify the token associated with the request and make sure your tokens coming from your repository/workspace/... are allowed to post.

4. if the verification is successful, the proxy would forward the request  to the bitbucket Reports API (and that should then work because it's the whitelisted range you defined before)

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Bitbucket

How do you use the Bitbucket-Jira integration? How does it help your team?

Hey everyone, over the past year, we've added several new features on how you can use Bitbucket and Jira together. We'd love to know how you'll are using the integration and how it's helping your t...

71 views 0 2
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you