-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for adding a single deploy key to multiple projects in a namespace/group as a non-administrator #736
Comments
Hi @vchepkov - Could you please clarify the following?
Can you share your gitlabform config? As you mentioned in the issue title, I believe the above is not supported by gitlabform at the moment.
Not sure what you meant here. When gitlabform is executed, it will run using the scope/permission of the user whose access token is used. So, if an API requires admin permission and the token does not have admin permission, gitlabform won't be able to make use of that API. I think there's 2 different use case here:
Looks like you're interested in the 2nd use case. Would you be able to help contribute this feature? Can you suggest what the config syntax should look like? The tricky issue here is how to separate this new config from the existing config so that they aren't clashing/conflicting with each other. Or, maybe that's not an issue. Haven't really thought about it yet. |
Hi, @amimas , The configuration I attempt to use is very basic:
We have many projects inside that subgroup Based on the error, API call
It is not expected to succeed for non-administrative user
|
Thanks for the details @vchepkov . Sounds like gitlabform currently tries to get all deploy keys which requires admin access and at least in gitlab.com, this won't be available. It could affect self-hosted gitlab too but at least in that case it might be possible to get an admin user, although in a highly restricted environment, that might not be available. So ideally, gitlabform needs to use the following endpoint when it encounters the above exception listing all deploy keys.
In my opinion, we should split this issue into 2. One is for addressing the access issue and the second is for ability to add a deploy key to multiple projects. For the second one, I wonder if we need to discuss the config syntax a bit more. Your sample config looks fine to me but haven't really thought it through yet. |
When I try to configure same deploy key on the group of the projects, gitlabform fails:
That API is reserved for administrators only. But, as a non-administrator I should able to create private keys for the projects and assign them to multiple projects:
https://archives.docs.gitlab.com/16.3/ee/api/deploy_keys.html#add-deploy-keys-to-multiple-projects
I certainly can using gitlab's GUI and deploy_key works only for a single project, just not for the group specified by
*
GitLabForm version
🏗 GitLabForm version: 3.9.7 = the latest stable 😊
GitLab version
v16.3.7-ee
The text was updated successfully, but these errors were encountered: