Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-75469

Support for HTTP Access Token for Bitbucket Datacenter

XMLWordPrintable

      NOTE issue reported from github.com by user nilsmahlstaedt

      Bitbucket Datacenter enables the creation of access token on a repository or organization level.
      These token are very useful, to give Jenkins e.g. read or write access to a single repository.
      You no longer need a god user that can read all your repositories or need to create on jenkins user in bitbucket for each repo which can really dig into your user quota.

      Bitbucket documentation regarding HTTP Access Tokens available at https://confluence.atlassian.com/bitbucketserver0718/http-access-tokens-1097182514.html#HTTPaccesstokens-CreateHTTPaccesstokensforprojectsorrepositories

      When using the Bitbucket API they can be used as a value for the bearer token header and the plugin to date already allows using them as credentials to e.g. find repos.

      Currently missing is the support to use these HTTP access tokens for git clone/checkout. They need to be provided to the invocation of git as an extra header through the -c http.extraHeader=<Bearer Token Header here> flag.
      An example of this can be found right on the bottom of the Bitbucket Documentation mentioned above.

      I could see a possible implementation of this feature in the same way you can currently select Checkout via SSH as a Git Behaviour. If I understand the documentation correctly it would also enable using this feature with personal access tokens which (as far as the current documentation describes it) cannot be used for this yet.

      Reporting summary of useful user comments:

      We should also keep in mind if header works with git lfs

      Note that -c on the Git command line might be visible to other users of the computer, so placing credentials there can be insecure if you run Jenkins agents on a multiuser machine.

      An alternative method to the -c flag can be environment vars for git versions >=2.31
      As per git-config doc you can set up an env var config like this

      GIT_CONFIG_COUNT=0
GIT_CONFIG_KEY_0=http.extraHeader
GIT_CONFIG_VALUE_0="Authorization: Bearer <TOKEN>"git clone <REPO>

      This is the equivalent of git -c "http.extraHeader=Authorization: Bearer <TOKEN>" clone <REPO> just without exposing the token to ps or comparable tools. For git verions <2.31 these environment variables are ignored.

            nfalco Nikolas Falco
            nfalco Nikolas Falco
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: