Branch Permissions for Bamboo in Stash

WilliamJ June 3, 2015

My company has allowed my team to set up a Stash v3.9.1 instance with Bamboo v5.8.1 as our CI.  Recently, we have spent time designing a method for our Git repository management which includes automatically merging feature branches into our development branch upon passing the CI testing.

Now we wish to somewhat enforce this plan by only allowing Bamboo to directly write to the Development branch.  Basically, developers (non-administrators) will not be able to push directly to the Development branch or merge directly into the development branch.  Only Bamboo will be able to complete the merge once the tests are passed.  This is to encourage the use of feature branches and allowing the CI to run before merging code into the main Development branch.  I'm currently using the Bamboo "Gatekeeper" automatic merging method to handle these merges, with all branches starting with "feature/" being automatically merged.

My problem comes in when I try to lock down the Branch Permissions of the Development branch to only allow Bamboo to write.  Since the Branch Permissions calls for a list of users which can read and write and we're using cyclic application links between Bamboo and Stash, there is no "Bamboo" user in our system and I can't add Bamboo to the list of approved writers.  I attempted to simply create a branch permission which allowed no users in hopes that Bamboo would bypass it, but that didn't work.

Put simply, how can I create a Development branch with Stash v3.9.1 which only allows the Bamboo v5.8.1 server to write changes, and forbids direct changes from users?

Thanks,

Will

4 answers

1 vote
Caterina Curti
Atlassian Team
January 18, 2018

See my answer on the how to exclude bamboo from branch permission rule question!

0 votes
Bjørn Westblad October 6, 2016

Hi Will, 

Did you ever get a proper answer to this question?

I'm currently trying to do the same-ish thing at our client now, where we want to implement a release-process for the code, but we're not able to push to a branch in Stash with branch permissions set.

Any input would be highly appreciated!

Thanks

Bjørn

0 votes
Krystian Brazulewicz
Atlassian Team
June 9, 2015

Documentation mentioned by @Ulrich Kuhnhardt [Izymes] is outdated (I've just added a comment).

A word of explanation on how Bamboo-Stash integration works: when you configure a Stash repository (for the first time) you need to do the OAuth dance when you log in to Stash and allow Bamboo to access Stash as user X. When you click "Save" in your repository configuration, Bamboo will generate an SSH keypair and will upload the public key to the personal SSH keys of user X in Stash. Then all checkouts and pushes will be run using this SSH keypair.

In order to fix it you'd have to:

  • identify those public keys in private user SSH keys in Stash (for all accounts that were used to create repository definitions in Bamboo)
  • manually copy/paste those keys to repository  SSH keys (with write permission)
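
The audit behind those two steps, as an added example that is not part of the original answer and not Atlassian code: it matches keys by SHA256 fingerprint to list which Bamboo keys still sit only in a user's personal SSH keys. It assumes you already have Bamboo's public keys and an exported key inventory; the user names, key comments and inventory layout below are hypothetical, constructed sample data.

```python
import base64
import hashlib
import struct


def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of an OpenSSH public key line (ssh-keygen -lf style)."""
    parts = pubkey_line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def keys_still_personal(bamboo_keys, personal_keys, repo_keys):
    """Return (user, fingerprint) for each Bamboo key that is in a user's
    personal keys and is not yet a repository key with write permission."""
    bamboo = {fingerprint(k) for k in bamboo_keys}
    writable = {fingerprint(k) for k, perm in repo_keys if perm == "write"}
    pending = []
    for user, keys in sorted(personal_keys.items()):
        for key in keys:
            fp = fingerprint(key)
            if fp in bamboo and fp not in writable:
                pending.append((user, fp))
    return pending


def _constructed_key(seed: bytes, comment: str) -> str:
    # Constructed sample data: an ssh-rsa shaped blob, not a usable key.
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(hashlib.sha512(seed).digest())
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


# Constructed inventory; user names and key comments are hypothetical.
PLAN_A = _constructed_key(b"plan-a", "bamboo-plan-a")
PLAN_B = _constructed_key(b"plan-b", "bamboo-plan-b")
LAPTOP = _constructed_key(b"laptop", "will@laptop")
PERSONAL = {"will": [LAPTOP, PLAN_A], "alice": [PLAN_B]}
REPO_KEYS = [(PLAN_B, "write"), (PLAN_A, "read")]  # (key, permission)

if __name__ == "__main__":
    for user, fp in keys_still_personal([PLAN_A, PLAN_B], PERSONAL, REPO_KEYS):
        print(f"{user}: {fp} still needs a repository key with write permission")
```

Matching on the fingerprint rather than the key comment means a relabelled key is still recognised, and a key registered on the repository with only read permission is reported as pending.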

 

Nirmal Shankar
Contributor
September 29, 2015

Say you have a service account "abc" in Bamboo, and we use the SSH key of abc to check out code from Bamboo. In Stash, you allow branch permissions for only user abc to write to the master branch. This didn't work. I then created an internal user in Stash called "abc" and played around with that. But those things didn't seem to work for me yet.

Bjørn Westblad October 6, 2016

Hi, 

Any actual solution to this that you could find?

Thanks,

Bjørn 

0 votes
Ulrich Kuhnhardt _IzymesDev_
Rising Star
June 3, 2015

If I understand correctly you need to authenticate Bamboo to Stash as a real user. You can set up the application link between Bamboo and Stash based on Basic Auth (username+password). See also https://confluence.atlassian.com/display/BAMBOO/Configuring+Stash+build+status+notifications

WilliamJ June 3, 2015

I've already created the application link between Bamboo and Stash. This allowed me to get things like build results to appear in Stash. This is great, but the nature of creating the application link seems to make it so that it is not required for Bamboo to actually have a Stash user in order to make changes to Stash. Bamboo seems to generate a UUID and uses that instead of a username. As I understand it, the whole point of creating the application link is to bypass the need for Bamboo to have a designated Stash user, at least in this latest version of Stash. Thus when the Branch Permissions menu asks for a list of users, there is none for Bamboo. This is the root of the problem. I can't configure the Branch Permissions specifically for Bamboo because the application link makes it unnecessary for it to have a username.

WilliamJ June 3, 2015

Oh, I just saw what you're referring to. I will try to set it up this way instead. Thanks.
