Reputation: 13
Unable to connect from Google Cloud to Bitbucket repository using app password
I'm using GCP build triggers connected to Bitbucket repositories. The connection is made using user credentials. Bitbucket has announced they're ending support for account password usage:
Beginning March 1, 2022, Bitbucket users will no longer be able to use their Atlassian account password when using Basic authentication with the Bitbucket API or Git over HTTPS. For security reasons, we require all users to use Bitbucket app passwords.
Problem is, when trying to connect to a repository in GCP, the only option to supply Bitbucket credentials is via a web login (which to the point of app passwords, you cannot login via the bitbucket.org with an app password).
GCP Bitbucket login prompt via bitbucket.org
Expected behavior: GCP provides an option to submit app password credentials when connecting to a Bitbucket repository.
Upvotes: 1
Views: 1597
Answers (3)
Reputation: 176
If you can setup the build trigger to be done by a webhook you can configure the build with ssh key. But if you have to configure it as a manual trigger then using the bitbucket login credentials is the only option. Personally, I don't like this config with user login though.
The only good thing is even now(after bitbucket stopped supporting the login credentials for code checkout) the code checkout in GCP is working fine.
Upvotes: 0
Reputation: 244
I have been informed of this change as well. I am trying to understand the scope of the change and its impact. It states that you cannot log in Atlassian account and password. However, besides using app passwords, you can also log in using OAuth2. https://developer.atlassian.com/cloud/bitbucket/oauth-2/
In the case of GCP Build Triggers, when I first set up the Bitbucket repository to connect to, I need to go through the "Authorization Code Grant" flow and acknowledge what access I am granting to Google Cloud Source Repository. If you check the Bitbucket API endpoints being called, they are URLs that are being used for "Authorization Code Grant" flow.
Based on these findings, am I right to say that there is no necessity to change existing triggers or mirrored repositories on GCP since they are using OAuth2 in the first place instead of Atlassian accounts and passwords?
Upvotes: 0
Reputation: 346
I followed directions for GCP Cloud Build integration with Bitbucket Cloud and successfully built out a functioning trigger for my repository here. I only built the trigger in GCP and used the generated webhook URL when creating the webhook in Bitbucket: I didn't create SSH keys, nor is my cloudbuild.yaml entirely valid - so the builds are failing.
Access to the Bitbucket repository was provided through GCP GUI in Cloud Build.
Upvotes: 1
Related Questions
- Bitbucket git credentials if signed up with Google
- Bitbucket cannot load google cloud key file
- Mirror repository from BitBucket Cloud to Google Cloud Repository for App Password changes
- Authenticating GCP service account with Bitbucket Pipelines
- Error configuring Bitbucket/github as external repo in Google Cloud Source Repositories: "Failed to connect repositories"
- git push cloud showing invalid authentication credentials error
- Problems connecting to BitBucket with Cloud Build and Source Repositories
- how to authenticate correctly to Google Cloud Source Repositoriess with sdk
- Authentication error when using Git Bash to connect to Google Cloud (gcloud)
- Authentication failed while using git pull