Versioned settings with BitBucket Cloud branch permissions

Answered

I am using BitBucket Cloud for source control, and am trying to set up versioned settings for my TeamCity build configurations. As part of my company's ISO-27001 certification, we are looking to control who can make changes to the master branch, so we are using BitBucket's branch permissions to restrict writes on master to members of particular groups. I am one of those members, being an administrator on all repositories as well as having other roles which have also been granted write access on master. However, when I try to save project settings, TeamCity displays the following error:

Error while committing settings change 'TeamCity change in 'API' project: Synchronization with own VCS root is enabled': Push failed, status: REJECTED_OTHER_REASON, message: pre-receive hook declined

which I'm assuming means that BitBucket is rejecting the commit of the versioned settings (by means of the pre-receive hook). My understanding is that TeamCity is using the current user (i.e. me) as the user to associate with the commit. Is TeamCity capable of sending any credentials with the request? We use AD to authenticate with TeamCity, and I use a certificate for authentication with BitBucket.

2 comments
Comment actions Permalink

David Keaveny when you enable versioned settings you had to choose 'Project settings VCS root'. The VCS root has Authentication Settings and this is the authentication used for writing history.

The author of the change will show as the TeamCity user, but the push is performed by the user you configure via Auth Settings.

To be honest that error doesn't seem like an auth problem, on your repo do you have a hook set up that checks the commit note matches a pattern or something?

 

0
Comment actions Permalink

We have got the same situation. 
We would like to store our setting in the same repo as our code.
Our git access configured with the ssh auth key. This user has a limited access rights(read only) plus we have a restriction on the main branch - we can not push there directly.

If only Teamcity could do the Save operation on behalf of the different user, rather then the one configured in the project configuration.

Can you suggest something?

0

Please sign in to leave a comment.