Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How can a pipeline can reach the pipe repo without any authorization?

oguzhan
oguzhan March 15, 2022

Hi,

We have 2 repos, one of them has bitbucket-pipelines.yml and other one has pipe.yml. So basically We're trying to use first one as an automation repo which pipeline is running, and second one as pipe repo. Both of them private and there is no authentication configuration between them. Both of them are in the same workspace. We realized that pipeline can use pipe repo without any kind of authentication whatsoever.

 

My questions are;

- How the authentication handled between these repos? Both of them are private, normally this kind of operation requires authentication. We have other pipeline repos that need code library repos and to be able to use libraries, we have an authentication configuration. This is working because of pipe?

- Is this behaviour restricted at workspace scope? If not, can people use others' private pipe repos without any authentication?

 

- In pipe step of the pipeline, there is a huge docker container run command which is taking so much environment variables, which one them is PIPELINES_JWT_TOKEN="$PIPELINES_JWT_TOKEN". Is this variable handling the authentication? There is no sign of that in variables & secrets document.
https://support.atlassian.com/bitbucket-cloud/docs/variables-and-secrets/

Best Regards,

Answer
Watch
Like Mathieu Paquette likes this
712 views

1 answer

0 votes
Caroline R
Caroline R
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 18, 2022

Hi, @oguzhan, thank you for reaching out to Atlassian Community. 

As we'll need to analyze your YAML file, I have created an internal ticket for you using the email of your community account, so you don't have to share this information here. 

You should have received an email with a link to the support ticket. Just in case you haven't received it, please feel free to let me know and I can post the ticket URL here. The ticket will be visible only to you and Atlassian staff, no one else can view its contents even if they have the URL.

Please feel free to let me know if you have any questions.

Kind regards, 
Caroline 

View More Comments
oguzhan
oguzhan March 21, 2022

Thank you for response, I'm gonna follow the ticket and try to get the answers of my questions. Appreciate it :)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events