This Jenkins plugin enables OAuth authentication for Bitbucket users.
First, you need to get a consumer key and secret from Bitbucket.
- Log into your Bitbucket account.
- Click on your account avatar in the top right corner and select Bitbucket Settings.
- If you are a member of an organization, ensure you are on Team settings, not Account settings, from the drop-down.
- Under ACCESS MANAGEMENT select OAuth.
- Under OAuth consumers, click Add consumer.
- The system requests the following information:
  - Name is required.
  - Callback URL is required. Input https://your.jenkins.root/securityRealm/finishLogin
  - Others are optional.
- Under Permissions, select Account > Read and Team membership > Read (optional).
- Click Save. The system generates a key and a secret for you. Toggle the consumer name to see the generated Key and Secret value for your consumer.
Second, you need to configure your Jenkins.
- Open the Jenkins Configure System page.
- Set Jenkins URL to the correct URL of your Jenkins instance.
- Click the Save button.
- Open the Jenkins Configure Global Security page.
- Check Enable security.
- Select Bitbucket OAuth Plugin in Security Realm.
- Enter your Consumer Key as the Client ID.
- Enter your Consumer Secret as the Client Secret.
- Click the Save button.
Based on the teams that the user has access to, this plugin automatically creates groups of the form team::role. Supported roles are owner, collaborator and member.
Examples:
- team1::owner
- team2::collaborator
- team3::member
These group names can be used in Jenkins Matrix-based security to give fine-grained access control based on the user's team access in Bitbucket.
```groovy
import hudson.security.AuthorizationStrategy
import hudson.security.SecurityRealm
import jenkins.model.Jenkins
import org.jenkinsci.plugins.BitbucketSecurityRealm
import hudson.util.Secret

// parameters (placeholder values; use the key and secret of your OAuth consumer)
def bitbucketSecurityRealmParameters = [
    clientID:     '012345678901234567',
    clientSecret: '012345678901234567012345678901'
]

// security realm configuration
SecurityRealm bitbucketSecurityRealm = new BitbucketSecurityRealm(
    bitbucketSecurityRealmParameters.clientID,
    "",
    Secret.fromString(bitbucketSecurityRealmParameters.clientSecret)
)

// authorization strategy - full control when logged in
AuthorizationStrategy authorizationStrategy = new hudson.security.FullControlOnceLoggedInAuthorizationStrategy()

// authorization strategy - set anonymous read to false
authorizationStrategy.setAllowAnonymousRead(false)

// get Jenkins instance
Jenkins jenkins = Jenkins.getInstance()

// add configurations to Jenkins
jenkins.setSecurityRealm(bitbucketSecurityRealm)
jenkins.setAuthorizationStrategy(authorizationStrategy)

// save current Jenkins state to disk
jenkins.save()
```
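The script above gives every logged-in user full control. As an added example (not part of the plugin's own documentation), the following Groovy script instead maps the team::role groups described earlier onto matrix-based permissions, so that only members of named teams receive access. It assumes the Matrix Authorization Strategy plugin is installed; the team names and the permissions chosen for each role are placeholders.

```groovy
import hudson.model.Item
import hudson.security.GlobalMatrixAuthorizationStrategy
import jenkins.model.Jenkins
import org.jenkinsci.plugins.BitbucketSecurityRealm

// Hypothetical mapping: replace team1/team2/team3 with your Bitbucket team names.
// Users who belong to none of these groups receive no permissions at all.
def grants = [
    'team1::owner'       : [Jenkins.ADMINISTER],
    'team2::collaborator': [Jenkins.READ, Item.READ, Item.BUILD, Item.CANCEL],
    'team3::member'      : [Jenkins.READ, Item.READ]
]

Jenkins jenkins = Jenkins.getInstance()

// The team::role groups only exist when the Bitbucket realm is active,
// so refuse to switch strategies under any other security realm.
if (!(jenkins.getSecurityRealm() instanceof BitbucketSecurityRealm)) {
    throw new IllegalStateException('Bitbucket OAuth security realm is not configured')
}

// Guard against locking every administrator out of the instance.
if (!grants.values().flatten().contains(Jenkins.ADMINISTER)) {
    throw new IllegalStateException('No group is granted Overall/Administer')
}

// Build the matrix: one entry per (permission, group) pair.
def strategy = new GlobalMatrixAuthorizationStrategy()
grants.each { group, permissions ->
    permissions.each { permission -> strategy.add(permission, group) }
}

jenkins.setAuthorizationStrategy(strategy)
jenkins.save()
```

Confirm that at least one account is in the group that holds Overall/Administer before running it, since the matrix replaces the previous authorization strategy immediately.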
This plugin reuses much of the code of the Jenkins Assembla Auth Plugin. Many thanks to the Assembla team.