Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to integrate Bitbucket cloud with Concourse CI?

I have worked out to set a new team in concourse ci and can login as Bitbucket users.

fly set-team -n main \
  --basic-auth-username myuser \
  --basic-auth-password xxxx \
  --generic-oauth-display-name bitbucket \
  --generic-oauth-client-id xxxx  \
  --generic-oauth-client-secret xxxx \
  --generic-oauth-auth-url https://bitbucket.org/site/oauth2/authorize \
  --generic-oauth-token-url https://bitbucket.org/site/oauth2/access_token 

The key to set it successfully is, callback url for OAuth consumer in bitbucket need be concourse ci web site only (no /auth/oauth/callback in callback url)

Now I found a problem. Any users (even new registered free user in bitbucket cloud) can login my concourse ci server.

After did some research, I got this

Generic oAuth

The --generic-oauth-* flags configure a generic oAuth provider which performs no additional verification about the individual user signing in by default. It should only be used with internal auth systems in this way. If it were used to configure Google or Twitter oAuth, for example, it would permit just about every person on the internet to create pipelines. It'd be mighty generous. If you need verification, make sure you are using the --generic-oauth-scope flag.

So are there any ways to stop the unauthorised bitbucket cloud users to login, which should be only limit to my organisation? Same as github's option --github-auth-organization=ORG

I try to add --generic-oauth-scope concourse.main But always get the error:

failed to verify token

I also read OAuth on Bitbucket Cloud - Scopes and try with most scopes, such as

--generic-oauth-scope account

Still get same error.

What should I put in the scope?

like image 207
Bill Avatar asked Aug 10 '17 06:08

Bill


People also ask

How do I integrate bitbucket?

You can also connect to a Bitbucket Cloud workspace by selecting Add shortcut from your project navigation and then selecting Repository. Once the repository link is created, choose Integrate Bitbucket to sync your Jira and Bitbucket accounts.

How do you make a concourse pipeline?

To set up a new pipeline, target your Concourse server with the fly command using the set-pipeline action. We need to pass the name of the new pipeline with -p option and pass the pipeline configuration file with the -c option: fly -t main set-pipeline -p hello_hapi -c ci/pipeline.

What language templates does bitbucket pipeline support?

We support the top-used languages such as NodeJS, PHP, Java, Python, and . NET Core; however, based on the language configured in your Bitbucket repository, the template list automatically recommends templates in that language.


2 Answers

For Concourse CI >= v.3.7 and <= v.4.0 you can use the the dedicated Bitbucket Cloud authentication provider. I've written a blog post about this but the gist is to use

fly -t ci set-team -n dev --bitbucket-cloud-auth-client-id=xxx --bitbucket-cloud-auth-client-secret=xxx --bitbucket-cloud-auth-repository=myorg/myrepo`

Sadly, Concourse 4.0's new user model no longer supports bitbucket cloud.

There is no longer support for BitBucket auth. Sorry - Dex doesn't support it. :( However we do support generic LDAP, oAuth, and OIDC connectors, which you may be able to use instead.

like image 54
Johannes Rudolph Avatar answered Oct 21 '22 09:10

Johannes Rudolph


Concourse master branch got BitBucket Cloud OAuth back, see

  • https://github.com/concourse/concourse/commit/265d35519442ff174a1036889b1910dc2f91d4c9
  • https://github.com/concourse/dex/commit/e1acb6d577111af69dd919712a70f3e952205fce

As of today (2018-11-15), there is no release yet supporting BitBucket Cloud OAuth, but the next release, which is due soon, will :-)

like image 1
marco.m Avatar answered Oct 21 '22 10:10

marco.m