We’ve got a Bamboo build server that then triggers an Octopus deployment. This was all set up by someone who no longer works here.
We’re now finding that for a specific build process there’s a script that calls “api/tenants/all” with an ApiKey but it returns a 403 forbidden error. Looking at the logs, it’s trying to run under the person who set everything up. I’ve tried making the call directly from Postman with the same result. Somehow it’s assuming all API calls (or maybe this particular API call) should be run under that account. I tried creating an ApiKey under my account and it returned a 401 Unauthorized error.
The only way we could fix it was to add the old account back to the System Administrators team.
How do we change things so that the deployment will run under a different account?
Thanks for getting in touch! For any build steps in Bamboo that require it to trigger something to happen in Octopus, it should be as simple as swapping out the API key in the appropriate field on each step for the one you created for yourself. This is given your user’s permissions are adequate to perform the tasks, which I’m assuming they are since you were able to add the old account back to System Admin team. Something about this does certainly seem strange.
Could you send through the permissions export from your user for a closer look and to set up a repro? You can grab this in the UI under Configuration > Test Permissions, selecting your user, and clicking Export. You can then mark this thread as private and upload the resulting permissions export, or email them to support@octopus.com and I can pick them up from there.
I look forward to hearing back and getting to the bottom of this one!
I selected Export under Test Permissions. It opened a new tab, and then nothing. The tab just remained blank, there was no error message. I’ve (hopefully) attached a screenshot.
Thanks for following up! That does definitely seem odd. Glad to hear the refresh worked. I couldn’t repro that behavior locally, but I can revisit this after diving into the permissions export I just received via email.
