Agent authorization for private manifest projects
Problem to solve
As an agent "owner", I want a way to allow the agent access to manifest projects, without me personally having access to those projects.
As a manifest project owner, I want a way to allow the agent access to my manifest project, without allowing read access to others.
Intended users
User experience goal
Be able to allow access to a specific agent in a project's settings.
A manifest project maintainer goes into a project settings, and allows a specific agent (defined by configuration project name and agent id) access to that repository.
For this to work the manifest project maintainer needs at least reporter access to the configuration project to get a list of available configuration projects.
Proposal
As discussed with @ash2k
, we don't need any tokens. By code we could access any repository with the agent, we just need a way to allow the user to give us access to a specific project. Currently, we're restricting ourself to public projects on purpose.
- Authorize the project if it's the agent's project => !48314 (merged)
- Utilize Deploy Tokens. See #268019 (closed)
Further details
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
Adoption increases. Right now, there is low likelihood of serious adoption as only public projects can be used with this feature
What is the type of buyer?
Is this a cross-stage feature?
Links / references
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.