-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v0.18.0 github events fail with teams api permisison error #1967
Comments
Came here to report this as well. There seems to be a regression with v0.18.0. Got hit by From the app's logs, it seems as if the api is just responding with |
I also get a similar error message with gitlab (GitLab Enterprise Edition 13.12.8-ee). Which might be "good" news because it might not depend on the github/gitlab api call, but rather some regression in the event handling, which would could be easier to fix. I will try to debug more. The error only occurs for the command An example error message {"level":"debug","ts":"2022-01-03T19:06:20.108Z","caller":"logging/simple_logger.go:155","msg":"Ignoring non-command comment: \"```\\nError: User @foo.bar does not have permissions to execute 'unlock' command\"","json":{}} |
The GH app installed in your organization should request more permissions now. Organization admin should receive emails about it. After granting the permission everything works again for us. |
the Github allowlist only works on Github Orgs where there are teams, meaning that it will not work for example for the free version of Github since there is no teams API. If you want to use the github allowlist option you will have to get new API permissions to be able to pull team membership status. |
Hi, we don't use the new allowlist option but it seems atlantis is still trying to check team membership nevertheless. It fails with |
Forcibly disabling the feature won't work because of: Additionally, this default ensures that this statement is not true: and therefore calls to vcs are made. This must have been missed during the pull review, I'll see if i can get something out. |
@xiao-pp @jamengual we're using a GH setup with an org + teams and a service account (bot with a token) - no GH app installed and we're still seeing the same errors. |
@paulerickson @jamengual Thank you for the change on default value. Should we expect a new release soon or should we downgrade in the meantime? |
I don't quite understand how release 0.18.0 introduced a regression for gitlab users as well, if this user check is supposedly a github specific feature. I will update this ticket after testing the next release that contains the fix. |
please release 🙏🏻 |
We will rollout a release today. #1976 |
Community Note
Overview of the Issue
After upgrading to v0.18.0, GitHub events processing fails due to lack of permissions to the GitHub teams API. No response from Atlantis appears in GitHub comments. Atlantis is configured via GitHub App credentials. I'm guessing this relates to #1694
Logs below.
Reproduction Steps
Logs
Logs
Environment details
Additional Context
Adding members:read permissions to the Github app allows the events to process as expected.
The text was updated successfully, but these errors were encountered: