New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot use group authentication for BitBucket Cloud #6419
Comments
After a developer login, I can see that the group only contains the org name and no teams name:
|
Thanks for the report and investigation. Seems like the fix is just to add concourse/skymarshal/skycmd/bitbucketcloud_flags.go Lines 47 to 50 in df62ba0
|
@aoldershaw thanks for the feedback. Do you have an estimate when a fix to this could make it in a new Concourse release? We are in the process of setting up a new Concourse for a team of +100 people and having to configure them by name is quite cumbersome. |
@ringods not sure exactly when, but ASAP - the team will discuss later today. Users have run into a bunch of auth issues in 6.7.3 as a result of bumping upstream dex to patch a CVE. I opened a PR that adds the |
Update: have set up an account, a workspace, and some groups within the workspace (was surprisingly easy!), and verified that the PR fixes the issue. The only thing I'm a bit confused about is how it worked in 6.7.2 and earlier, given that it should have been trying to use the deprecated |
Probably, we were only the first ones to report this. This is a new setup, so no Concourse or Bitbucket Cloud before. |
The bitbucket cloud user authentication always kept working. The teams authentication is broken since at least versin 6.7.0 or earlier. (6.7.0 was the first version I tried with BitBucket Cloud) |
Ah okay, thanks for the info!
Makes sense, that would be the first version released after the |
Summary
We can no longer login using group based authentication. The user authentication is working.
Steps to reproduce
Expected results
I can login, and see the pipelines, using a member in the developers group.
Actual results
The user cyberox can see the correct pipelines, the users in the developers group cannot.
Additional context
The
/teams
endopoint has been deprecated, and is fixed upstreamm by: dexidp/dex#1812According to the documentation, it requires a new config parameter
includeTeamGroups: true
(https://dexidp.io/docs/connectors/bitbucketcloud/)Triaging info
The text was updated successfully, but these errors were encountered: