Bitbucket Pipeline Reports - Using API to create reports for a private repo with ip whitelist


Is it possible to use the Bitbucket Cloud API to create reports for a private repository that has an IP whitelist? I have a Java app that runs in a pipeline which attempts to create a report and add annotations, but I get whitelist errors, i.e.

{"type": "error", "error": {"message": "To access this commit, an admin must whitelist your IP."}}

 

I cannot add Bitbucket's IP addresses (https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/) to our whitelist because everyone with a Bitbucket account and pipelines would have access to our repository.

Is there some form of a workaround?

2 answers

0 votes
mkleint Atlassian Team Jul 06, 2021

There is no simple solution with the constraints you outlined, I'm afraid.

One thing to consider with an IP whitelist is that even if you add all Pipelines IPs to the whitelist, it does not automatically mean that anyone with a Pipelines build can access your repository, your build or your data in general. The usual authentication/permission limits apply.

A working solution that avoids adding pipelines IPs to the whitelist would require additional infrastructure on your side to facilitate the proper filtering.

1. A pipeline build would post the report API call to a certain proxy website that you own and that is within the IP ranges allowed to contribute to the repository/workspace in question.

2. Such a proxy would have to be accessible from the Pipelines IP ranges and would require authentication with the OIDC token we issue for individual steps running inside Pipelines.

See https://support.atlassian.com/bitbucket-cloud/docs/integrate-pipelines-with-resource-servers-using-oidc/ for an intro to OIDC in Bitbucket Pipelines.

3. Your proxy server would verify the token associated with the request and make sure that tokens coming from your repository/workspace/... are allowed to post.

4. If the verification is successful, the proxy would forward the request to the Bitbucket Reports API (and that should then work because it's the whitelisted range you defined before).

Still looking for a workaround for this, if anyone has any ideas.
