
Configure permissions for deploy keys in the "protected environments UI"

Problem to solve

When deploying to a protected environment with a deploy key that has insufficient permissions, the pipeline will fail, and this will currently generate an error message.

We currently cannot add the right permissions for the deploy key itself for protected environments.

Intended users

User experience goal

Proposal

Allow Deploy keys to push to protected environments.

In this proposal, we're moving towards having an isolated permission model for deploy keys as a follow-up from #30769 (closed). Therefore, users can see the keys in the protected environments' interface.

  • Protected environments will rely on the access of the deploy key owner
    • Deploy keys are able to deploy to a protected environment if the owner does not have permission to do so, but does have access to the project.
    • When deploy keys are allowed to push, the user is not implicitly given the same permission, as this would cause unintended access.
    • When a user is deleted/unassigned from a project, the deploy keys will become unavailable.
    • The workaround of needing a bot/machine user account, so that the key is not tied to a real user account, is known and deemed acceptable for now.
  • **At the project level - protected environments:** The drop-down for Allowed to deploy will get an additional section dedicated to deploy keys: Deploy keys
  • Deploy keys section will feature an information hierarchy and architecture as depicted in the mockup.
    • Truncation with an ellipsis should happen if the content exceeds the width of the dropdown menu.
  • After this change, all users will have to manually add a deploy key to the protected environments interface to give it write permission. This means this regression requires user action after it's shipped (a blog post will potentially help communicate this).
  • Help text paragraphs for protected environments will need an update similar to protected branches (TODO)
Mockup (Figma document)

Further details

Tech/func exploration recording

Technical/functional exploration regarding whether the pipeline is failing silently or not, and what the output is. The scenario will feature a user who is not a maintainer, able to push to a protected branch but not to a protected environment. Will use the user itself as a permission entity.

Permissions and Security

Documentation

Availability & Testing

What does success look like, and how can we measure that?

What is the type of buyer?

Is this a cross-stage feature?

Links / references

Edited by Orit Golowinski