I am setting up a drone server using the k8s helm charts. Here is a modified version of my values file:
I have correctly craeted a Drone OAuth app from the
super-org organization (in the settings of bitbucket) an I can successfully login to the Drone Server and see the projects. I followed the permissions specified here:
But I can only activate my own projects and not the organization ones. The error that i get from both the CLI and browser is a generig 500 error. And the logs that I can read on kubernetes are only a bunch of these:
INFO: 2018/04/16 11:20:29 transport: http2Server.HandleStreams failed to receive the preface from client: read tcp 10.244.2.26:9000->10.240.0.4:57644: read: connection reset by peer
INFO: 2018/04/16 11:20:30 transport: http2Server.HandleStreams failed to receive the preface from client: read tcp 10.244.2.26:9000->10.244.2.1:55440: read: connection reset by peer
INFO: 2018/04/16 11:20:34 transport: http2Server.HandleStreams failed to receive the preface from client: read tcp 10.244.2.26:9000->10.240.0.5:58538: read: connection reset by peer
But nothing related to my cloning/downloading/checking-webhooks or something related to what I was doing: adding a repository.
What am I doing wrong? What should I change in the OAuth app?
The most common root cause for inability to activate Bitbucket repositories would be that you have insufficient privileges. Bitbucket requires administrative rights to the repository in order to enable webhooks.
An administrator created the OAuth app… are they the only people capable of creating repositories then?
We are trying to replace Jenkins with Drone, and with Jenkins there are ways to automatically add the repositories.
Are admins the only guys capable of adding repositories?
Yes. Bitbucket requires a user have administrative access to a repository in order to add webhooks.
When you login to Drone via Bitbucket you grant Drone access to your Bitbucket account. When Drone makes API calls to Bitbucket, it does so on your behalf with your permissions. It does not make calls on behalf of the individual that created the oauth application (oauth is not meant to work like that).
Drone requires webhooks to trigger builds and Jenkins does not. Since webhooks are required and can only be created by a repository administrator, only a repository administrator can activate a repository in Drone. Even if Drone allowed a non-admin to activate a repository, you would still need an administrator to manually add a webhook to Bitbucket to complete the setup.
Any plan to change this? I see that drone is very tight to vendor, and not to “generic” git implementation. (even if I see the possibility to implement custom implementations)
Any plan to change this? I see that drone is very tight to vendor
No plans to change this. Drone is tightly integrated by design.
How does Drone then gets the credentials to clone repositories in the pipeline when triggered by the webhooks? Does the webhook provide the requirements/permissionz?