feat: add ability to delegate authorization to external sources #4864
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nickking-brt
requested review from
chenrui333,
lukemassa and
nitrocode
and removed request for
a team
nickking-brt
changed the title
nickking-brt
changed the title
nickking-brt
force-pushed
the
feat/external-authz
branch
from
d8bac16
to
2a0615d
Compare
|
Hi @nickking-brt please add docs, as many tests you can and an example in here of how that would work to understand the user flow. |
|
Hi @jamengual, I've added some tests and documentation with some examples. Please let me know if more is needed. |
GenPage
approved these changes
Sep 3, 2024
jamengual
approved these changes
Sep 3, 2024
chenrui333
reviewed
Sep 5, 2024
There was a problem hiding this comment.
can we followup adding some token comment, this would be some breaking change (as it broke the CI right now)
{"level":"error","ts":"2024-09-03T22:40:26.913Z","caller":"events/command_runner.go:161","msg":"Unable to fetch user teams: Your token has not been granted the required scopes to execute this query. The 'name' field requires one of the following scopes: ['read:org', 'read:discussion'], but your token has only been granted the: ['admin:repo_hook', 'repo'] scopes. Please modify your token's scopes at: https://github.com/settings/tokens.","json":{},"stacktrace":"github.com/runatlantis/atlantis/server/events.(*DefaultCommandRunner).RunAutoplanCommand\n\t/home/runner/work/atlantis/atlantis/server/events/command_runner.go:161"}
|
It looks like my change caused user team lookups to always happen, instead of being conditional. I'm working on a fix now to revert that behavior. |
|
Thanks Nick. |
1 task
a1k0u
pushed a commit
to a1k0u/atlantis
that referenced
this pull request
Nov 1, 2024
…tlantis#4864) Signed-off-by: a1k0u <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
what
This change allows administrators to delegate command authorization checks to an external command, in place of a Github team check.
why
This change allows Atlantis installation admins to write custom logic for authorization, without needing to modify Atlantis code. This allows for easier and more flexible integrations with team workflows and business requirements.