-
Notifications
You must be signed in to change notification settings - Fork 354
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for HTTP Access Token for Bitbucket Datacenter #716
Add support for HTTP Access Token for Bitbucket Datacenter #716
Comments
The doc page says
but above that also:
so, it seems the special header is recommended but not required. |
Hi,
The Problem with the bitbucket Docs ist, that they Mix Personal Access
Tokens (linked to an Account) and http Access Tokens (linked to a Project).
I tried IT against our bitbucket instance and the latter Token Kind only
works with These Headers.
Yours
Nils
KalleOlaviNiemitalo ***@***.***> schrieb am Fr., 2. Juni
2023, 18:12:
… The doc page says
For project or repository tokens, we recommend only using Bearer Auth
without your username
but above that also:
For Git operations, you can use your user's access token as a substitute
for your password.
so, it seems the special header is recommended but not required.
—
Reply to this email directly, view it on GitHub
<#716 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AECYPUN5DLZQDKQ7DEL2XI3XJIGGDANCNFSM6AAAAAAYYM6JSA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***
com>
|
|
I support @nilsmahlstaedt request. |
The Git Client Plugin doesn't support it currently: https://issues.jenkins.io/browse/JENKINS-70897 |
Does |
Oh also, |
Regarding the needed changes to the git-client-plugin After a first look there is only a single place that would need changes in the GitCliClient. |
An alternative method to the GIT_CONFIG_COUNT=0
GIT_CONFIG_KEY_0=http.extraHeader
GIT_CONFIG_VALUE_0="Authorization: Bearer <TOKEN>"
git clone <REPO> This is the equivalent of Using this setup inside of a pipeline might theoretically be possible like this: // inside of stage and step closure
withCredentials([string(credentialsId: '<CRED_ID>', variable: 'TOKEN')]) {
withEnv(['GIT_CONFIG_COUNT=1', 'GIT_CONFIG_KEY_0=http.extraHeader', "GIT_CONFIG_VALUE_0=Authorization: Bearer $TOKEN"]) {
checkout scm
}
} The problem you run into when using this is, while it should authenticate the clone of the actual workspace, it does not affect the initial checkout of the Jenkinsfile or any Shared Library referenced. They will run into authorization problems. A solution will have to consider these steps plus the option of controller-agent-setup's |
It should, while testing the configuration of extraHeader through ENV Vars i used |
A maintainer of Git LFS advises against using |
What feature do you want to see added?
Bitbucket Datacenter enables the creation of access token on a repository or organization level.
These token are very useful, to give Jenkins e.g. read or write access to a single repository.
You no longer need a god user that can read all your repositories or need to create on jenkins user in bitbucket for each repo which can really dig into your user quota.
Bitbucket Doc regarding HTTP Access Tokens: https://confluence.atlassian.com/bitbucketserver0718/http-access-tokens-1097182514.html#HTTPaccesstokens-CreateHTTPaccesstokensforprojectsorrepositories
When using the bitbucket API they can be used as a value for the bearer token header and the plugin to date already allows using them as credentials to e.g. find repos.
Currently missing is the support to use these HTTP access tokens for git clone/checkout. They need to be provided to the invocation of git as an extra header through the
-c http.extraHeader=<Bearer Token Header here>
flag.An example of this can be found right on the bottom of the Bitbucket Documentation mentioned above.
I could see a possible implementation of this feature in the same way you can currently select
Checkout via SSH
as a Git Behaviour. If I understand the documentation correctly it would also enable using this feature with personal access tokens which (as far as the current documentation describes it) cannot be used for this yet.I hope to hear from you
Upstream changes
No response
The text was updated successfully, but these errors were encountered: