This Jenkins plugin enables OAuth authentication for Bitbucket users.
First you need to get consumer key/secret from Bitbucket.
- Log into your Bitbucket account.
- Click on your account avatar in the top right corner and select Bitbucket Settings.
- If your are a member of an organization, ensure you are on Team settings, not Account settings, from the drop down.
- Under ACCESS MANAGEMENT select OAuth.
- Under OAuth consumers, click Add consumer
- The system requests the following information:
- Name is required.
- Callback URL is required. Input https://your.jenkins.root/securityRealm/finishLogin .
- Others are optional.
- Under Permissions, select Account > Read and Team membership > Read(optional).
- Click Save. The system generates a key and a secret for you. Toggle the consumer name to see the generated Key and Secret value for your consumer.
Second, you need to configure your Jenkins.
- Open Jenkins Configure System page.
- Set correct URL to Jenkins URL
- Click Save button.
- Open Jenkins Configure Global Security page.
- Check Enable security.
- Select Bitbucket OAuth Plugin in Security Realm.
- Input your Consumer Key to Client ID.
- Input your Consumer Secret to Client Secret.
- Click Save button.
Based on the teams that user has access to, this plugin automatically creates groups of the form
team::role
Supported roles are admin, contributor and member
Examples
team1::admin
team2::contributor
team3::member
These group names can be used in Jenkins Matrix-based security to give fine grained access control based on the users team access in Bitbucket.
import hudson.security.AuthorizationStrategy
import hudson.security.SecurityRealm
import jenkins.model.Jenkins
import org.jenkinsci.plugins.BitbucketSecurityRealm
// parameters
def bitbucketSecurityRealmParameters = [
clientID: '012345678901234567',
clientSecret: '012345678901234567012345678901'
]
// security realm configuration
SecurityRealm bitbucketSecurityRealm = new BitbucketSecurityRealm(
bitbucketSecurityRealmParameters.clientID,
bitbucketSecurityRealmParameters.clientSecret
)
// authorization strategy - full control when logged in
AuthorizationStrategy authorizationStrategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()
// authorization strategy - set anonymous read to false
authorizationStrategy.setAllowAnonymousRead(false)
// get Jenkins instance
Jenkins jenkins = Jenkins.getInstance()
// add configurations to Jenkins
jenkins.setSecurityRealm(bitbucketSecurityRealm)
jenkins.setAuthorizationStrategy(authorizationStrategy)
// save current Jenkins state to disk
jenkins.save()
This plugin reuses many codes of Jenkins Assembla Auth Plugin. Many thanks to Assembla team.
(The MIT License)
Copyright (c) 2013 mallowlabs
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
'Software'), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.