Publish access to scoped packages are to strict #71
Comments
|
ping @bufferoverflow - any comments on this? ;-) |
|
I guess we have no test case for definition of '@projectNameMonoRepo/* within config. Does it work without that definition in a similar way as described within readme ? |
|
I'm not sure I understand: you want to have a subproject in gitlab named |
|
Yes, like With the current setup i would be forced to create new git repos for each npm package. @groupName/legacy-clients sorry for the delayed response. |
|
Well, off the top of my head I'm wondering how to map the same project name existing in gitlab in two groups (e.g. Maybe I'm missing the point, but this looks to me as a quite particular use case, not easily generalizable between gitlab and verdaccio :-? |
|
Doesn't seem too tricky design-wise: packages:
# Set that an admin can publish anything
'**':
...
gitlab:
admin: true
# @mycompany-foo/bar can be published by maintainers in the group foo
'@mycompany-*/*':
...
gitlab:
level: $maintainer
group: $1
# @mycompany/myproject-foo` can be published by developers in the project foo-repo in group mygroup
'@mycompany/myproject-*':
...
gitlab:
level: $developer
group: mygroup
project: $1-repo
# foo-bar can be published by any member of foo-common/bar or foo-server/bar etc...
'*-*':
...
gitlab:
group: $1-*
project: $2
# @foo/bar can be published to by gitlab user foo
'@*/*':
...
gitlab:
user: $1That is, the
That would make the default behavior replicable with: Of course, that doesn't seem that trivial to implement, and the intersection with how you might want to configure packages sources, etc. might be a pain, but it seems like a decent strawman to start from? |
|
group and user settings are ignored, this is handled within gitlab and stated as a goal over here. |
I'm afraid if this was a response to me, that I don't really understand it. Does it help if I clarify the above is only referring to gitlab's username, user admin state, project name, and project group name? I thought that would be implied by the fact that you're an auth provider here. Since this is basically declaring a mapping between the group and project path and the package name, based on the rights you have to a gitlab group or project, then I don't see how it conflicts with the goal of "access & publish packages depending on user rights in gitlab", even if it's overly complex for the goal: I was pretty serious about it only being a strawman, and other suggestions for simplifying it are welcome. For example, perhaps this would work better for you, instead: auth:
gitlab:
package_mappings:
- '$user'
- '@$group/$project'
- '@mycompany-*/$project'
- ...i.e. a list of ways to map package names to required project/group membership. |
|
@simonbuchan We can consider this if you provide an MR, at the moment it is as it is. |
Hi,
the permission for @scope packages are to strict setup.
We are using in our setup a mono repo. (gitlab: groupName/projectNameMonoRepo).
We would like to name the @scope how our project name is called.
... '@projectNameMonoRepo/*': access: $authenticated publish: $authenticated gitlab: true ...I did a small POC for explanation --> https://github.com/25th-floor/verdaccio-gitlab/blob/v2.3.0/src/gitlab.js#L190
for the discussion.
The text was updated successfully, but these errors were encountered: