-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement TFE API for Team Tokens #624
Implement TFE API for Team Tokens #624
Conversation
internal/tokens/team_token.go
Outdated
Description string | ||
|
||
// Token belongs to an team | ||
Team string |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suspect this should be something closer to Team *team
, otherwise there's no easy way to look up the Team
details from the Token, without manually doing extra DB calls.
Hi Tom. Thanks for this. I know how difficult it is contributing to a codebase largely authored by someone else. But somehow you've managed to find your way through. Having multiple people familiar with the codebase, able to make large contributions such as this, shows promise for the project. Yes, it makes sense to introduce team as a new RBAC "class". I think of RBAC as a Subject doing an Action on a Resource of a Class. And in this instance, a team (Subject) can create/read/get (Action) a token (Resource) for itself (Class). (The codebase doesn't refer to "Class" or something of that nature but it should do). I've made the following updates:
Please read through the changes and check that a team token passes authentication. I may have introduced regressions. |
375813e
to
a648320
Compare
@leg100 I've rebased and updated to fix the conflicts. |
@leg100 I think this is ready for merge/review. Thanks so much for your earlier review and work here. I ran through some manual tests and fixed a SQL bit, but I think everything else is behaving. |
@tomwardill-payoneer Apologies for the delay in merging. I had to divert my attention to fixing bugs elsewhere. Thanks for your work on this! |
🤖 I have created a release *beep* *boop* --- ## [0.1.15](v0.1.14...v0.1.15) (2023-10-27) ### Features * Implement TFE API for Team Tokens (#624) 1e4b173 ### Bug Fixes * fix local execution mode (#627) aefb365 * agent error reporting ([#628](#628)) ([76e7dda](76e7dda)) * fixed defect with multiline tfvars not being escaped ([#631](#631)) ([f35dffa](f35dffa)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Louis Garman <75728+leg100@users.noreply.github.com>
Towards #580
This is the initial API implementation for Team Tokens. The TFE integration tests pass, but I don't think the token can actually be used to do anything as yet.
I've added
Team
as a sort of half-concept for the RBAC. It's not a full category in it's own right, but uses theUser
team memberships to authorize. Not sure if that's desirable, but it seemed a minimal effort fit as I understand how the RBAC works.