[#QB-3349] BitBucket Cloud pull-requests should use ssh keys

QuickBuild

BitBucket Cloud pull-requests should use ssh keys

Created: 26/Feb/19 01:09 PM Updated: 11/Mar/20 01:35 PM

Component/s:

None

Affects Version/s:

8.0.38

Fix Version/s:

None

Original Estimate:

Unknown

Remaining Estimate:

Unknown

Time Spent:

Unknown

Description

« Hide

Since the pull-request configurations require a username password combinations as opposed to the ssh keys that normal build configurations use, someone can lock out the account with bad logins and stop pull requests from working.

All

Comments

Work Log

Change History

Sort Order:

[ Permlink | « Hide ]

Robin Shen [26/Feb/19 09:40 PM]

A build specific account should be specified as user name and password, and others should not be able to access this account. Or am I mis-understanding your concerns?

[ Permlink | « Hide ]

Jeff Smith [28/Feb/19 03:35 PM]

For normal deployments, QuickBuild uses ssh keys to authenticate with the BitBucket cloud server but pull-request test configurations need a username and password. My basic question is why we can't use ssh keys for pull-request testing.

[ Permlink | « Hide ]

Steve Luo [01/Mar/19 06:27 AM]

Hi Jeff,

When you use ssh to checkout repository, username and password are not necessary. But if you want to build with pull requests, the username and password are required because QuickBuild need them to visit BitBucket RESTful APIs to fetch the pull requests information. The username and password are used only for fetching pull requests information, not for checking out source code. So you can still define ssh url for your repository url.

[ Permlink | « Hide ]

Jeff Smith [01/Mar/19 01:36 PM]

I think I understand. It sounds like there is a technical limitation that ssh keys cannot be used to get the pull request test information. Thanks!

Change by Robin Shen [11/Mar/20 01:35 PM]
Field	Original Value	New Value
Status	Open [ 1 ]	Closed [ 6 ]
Resolution		Won't Fix [ 2 ]