0

I was wondering if it is possible to restrict the credentials of a user to only allow to perform REST API calls (ideally selected ones).

I would like to restrict the user created for Jenkins purposes on to be able to:

  1. trigger the build (using POST commit hook),
  2. update the build status (using Build Status API)

Thanks.

Crazyjavahacking
  • 9,343
  • 2
  • 31
  • 40
  • it's not clear enough what do you want. To clone via REST? You can't, REST is only for server-side actions. You want to trigger a build? Bitbucket Server(not a cloud) doesn't know to build anything. – Yuri G. Jul 04 '17 at 20:37
  • You are right, reworded the question. – Crazyjavahacking Jul 05 '17 at 05:58
  • the first bullet still isn't clear enough. post commit hook is a client side hook. did you mean post recieve hook? anyway, server side hooks are triggered after/before git push and not through REST – Yuri G. Jul 05 '17 at 19:42
  • 1. other system will trigger the build using post receive hook by calling Jenkins HTTP request to start the build – Crazyjavahacking Jul 05 '17 at 20:20

1 Answers1

1

Short answer is - no. There are no specific permission for the REST api.

In details:

  1. A post received hook runs after a push operation. In case of Bitbucket Server it runs also after a merge of a pull request. The documentation says:

    The authenticated user must have REPO_WRITE permission for the repository that this pull request targets to call this resource.

So, you must give a write access to the user in order to trigger a post-receive hook

  1. According to the documentation:

The authenticated user must have LICENSED permission or higher to call this resource.

So you can use a user with minimal permissions

Yuri G.
  • 4,323
  • 1
  • 17
  • 32