Agent authorization for private manifest projects
Problem to solve
As an agent "owner", I want a way to allow the agent access to manifest projects, without me personally having access to those projects.
As a manifest project owner, I want a way to allow the agent access to my manifest project, without allowing read access to others.
Intended users
User experience goal
Be able to allow access to a specific agent in a project's settings.
A manifest project maintainer goes into a project settings, and allows a specific agent (defined by configuration project name and agent id) access to that repository.
For this to work the manifest project maintainer needs at least reporter access to the configuration project to get a list of available configuration projects.
Proposal
As discussed with @ash2k, we don't need any tokens. By code we could access any repository with the agent, we just need a way to allow the user to give us access to a specific project. Currently, we're restricting ourself to public projects on purpose.
- Authorize the project if it's the agent's project => !48314 (merged)
- Utilize Deploy Tokens. See #268019
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
Adoption increases. Right now, there is low likelihood of serious adoption as only public projects can be used with this feature