API for managing Teams and Users #261
Comments
joshuafernandes
added
the
community_new
|
I feel with you, no API, no SSO auth. How docker thinks they can justify forcing people to buy subscription if they do not even provider proper tooling to manage users.... |
|
I agree. This capability is sorely needed. |
|
Another comment to endorse the need for this feature. |
|
There seems to be public API endpoints for this. I found this by adding myself and removing myself from my org, using I'm not sure if this is publicly documented anywhere, so these endpoints could change easily. The only thing I found so far is this: https://docs.docker.com/docker-hub/api/latest/. The naming seems pretty consistent, but since I used my dev tools vs. documentation I wouldn't expect these to last forever. Here's what I've found: Add users:Method: Get invitees here:Method: Resend inviteMethod Delete invitees:Method: Delete users:Method: Via group member endpoint
Via org member endpoint
Example setup:!#/bin/bash
UNAME=""
UPASS=""
ORG=""
DefaultGroup=""
TOKEN=$(curl -s -H "Content-Type: application/json" -X POST -d '{"username": "'${UNAME}'", "password": "'${UPASS}'"}' https://hub.docker.com/v2/users/login/ | jq -r .token)
json='{"member": "'$userEmail'"}'
curl -X POST -d "$json" -H 'Content-Type: application/json' -H "Authorization: JWT ${TOKEN}" https://hub.docker.com/v2/orgs/$ORG/groups/$DefaultGroup/members/special thanks: https://gist.github.com/kizbitz/175be06d0fbbb39bc9bfa6c0cb0d4721 Note:Some of these must of course be url-encoded, so |
|
Hello, we are currently in the process of validating this feature and I'm interested in learning more about your use-cases. If you want to drop me a line at nuno.coracao@docker.com I'm happy to jump on a call. @joshuafernandes @carnei-ro @faradayfan @project0 |
nunocoracao
changed the title
|
Hi @nunocoracao, |
|
Hello @josh-higgs, thanks for your feedback. We are tracking the export users as a separate feature on #401 if you want to follow progress there. |
|
Is there a status update on development of this feature? I'm being tasked with evaluating a migration to DockerHub for my company, and it's beginning to look like there is no support outside of the (beta?) SCIM feature for SSO, which is only capable of provisioning and deprovisioning, for:
With the net result looking like a great deal of manual work is needed to support a business of significant size. |
|
We are looking for APIs to grant/revoke access to users/teams. And I can't put enough emphasis on how much these APIs are very critical for using DockerHub at scale in automated way. As whenever our automation adds a new repo, someone has to manually goto DockerHub web app and grant access to different teams/users. I see its open for more than a year and considering it's in investigation stage right now, can someone give me best case scenario and most likely scenario timelines for these APIs to be available in Production. |
|
@MercedesSteele (and maybe @nunocoracao) I am in the same situation as @raj-patel1 . We would need for example an API call to set specific permissions ("Read & Write") to a team for a given private repository (that we could create with the current API). As a reference, ChatGPT suggested the following ;)
curl -s -H "Authorization: JWT <ACCESS_TOKEN>" https://hub.docker.com/v2/orgs/<DOCKERHUB_ORG>/teams/ | jq -r '.teams[] | select(.name == "<TEAM_NAME>") | .id'
curl -s -H "Authorization: JWT <ACCESS_TOKEN>" -H "Content-Type: application/json" -X PUT -d '{"name": "<TEAM_NAME>", "permission": "write"}' https://hub.docker.com/v2/repositories/<DOCKERHUB_ORG>/<REPO_NAME>/team/$(echo -n "<TEAM_ID>" | base64)/ |
|
The /invitees endpoint doesn't seem to be there? Managing team memberships works, as does removing users from an org, but I still don't see a way to programmatically send an invitation to join an org. |
ajthilakan
assigned ajthilakan and izzychu and unassigned ajthilakan, izzychu and MercedesSteele
|
@markjreed "Add users" seems to be now the endpoint {
"org": "<YOUR_ORG>",
"team": "",
"invitees": ["john.doe@example.com"],
"dry_run": false,
"role": "member"
} |
Tell us about your request
Our organisation (& others I imagine ) would like to keep with the new subscription plans, however managing users for any of the lower tiers is going to be a nightmare if its is add/remove one by one.
Another option might be to enable SAML for the Team plan? Our org does not require any of the features of the Business plan but would be nice to have some way to programmatically add users upto 250 users.
Which service(s) is this request for?
Docker for Desktop
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
Managing 250 user licenses is not going to be a pleasant experience and would be nice to have a programatic API to do this. SAML is great but the price for a Business user cannot really be justified.
Are you currently working around the issue?
None available
The text was updated successfully, but these errors were encountered: