Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bitbucket Pipeline Reports - Using API to create reports for a private repo with ip whitelist

Joseph
Joseph June 29, 2021 edited

Is it possible to use the Bitbucket Cloud API to create reports for a private repository that has an IP whitelist? I have a java app that runs in a pipeline which attempts to create a report and add annotations but I get whitelist errors. i.e.

{"type": "error", "error": {"message": "To access this commit, an admin must whitelist your IP."}}

 

I cannot add Bitbucket's IP addresses (https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/)  to our whitelist because everyone with a bitbucket account and pipelines would have access to our repository.

Is there some form of a work around?

Answer
Watch
Like Be the first to like this
561 views

2 answers

0 votes
mkleint
mkleint
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 6, 2021

There is no simple solution with the constraints you outlined I'm afraid.

Things to consider with IP whitelist is that even if you allow all pipelines IPs to the whitelist it does not automatically mean that anyone with a Pipelines build can access your repository, your build or your data in general. The usual authentication/permission limits apply.

A working solution that avoids adding pipelines IPs to the whitelist would require additional infrastructure on your side to facilitate the proper filtering.

1. a pipeline build would post the report API call to certain proxy website that you own and that is within the IP ranges allowed to contribute to the repository/workspace in question.

2. such a proxy would have to be accessible from the pipelines IP ranges and would require authentication with OIDC token we issue for individual steps running inside pipelines.

See https://support.atlassian.com/bitbucket-cloud/docs/integrate-pipelines-with-resource-servers-using-oidc/ intro into OIDC in bitbucket pipelines.

3. your proxy server would verify the token associated with the request and make sure your tokens coming from your repository/workspace/... are allowed to post.

4. if the verification is successful, the proxy would forward the request  to the bitbucket Reports API (and that should then work because it's the whitelisted range you defined before)

Reply
0 votes
Joseph
Joseph July 1, 2021 edited

Still looking for a work around for this, if anyone has any ideas

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.