Configure permissions for deploy keys in the "protected environments UI"
Problem to solve
When a deploy key with insufficient permissions is used to deploy to a protected environment, the pipeline fails and currently generates an error message.
We currently cannot grant the deploy key itself the right permissions for protected environments.
Intended users
User experience goal
Proposal
Allow Deploy keys to push to protected environments.
In this proposal, we're moving towards an isolated permission model for deploy keys as a follow-up to #30769 (closed). Therefore, users can see the keys in the protected environments' interface.
- Protected environments will rely on the access of the deploy key owner
- Deploy keys are able to deploy to a protected environment if the owner does not have permission to do so, but does have access to the project.
- When deploy keys are allowed to push, the user is not implicitly given the same permission, as this would cause unintended access.
- When a user is deleted/unassigned from a project, the deploy keys will become unavailable.
- The workaround of needing a bot/machine user account, so that the key is not tied to a real user account, is known and deemed acceptable for now.
- **At the project level: protected environments** The drop-down for "Allowed to deploy" will get an additional section dedicated to deploy keys: "Deploy keys"
- The Deploy keys section will feature an information hierarchy and architecture as depicted in the mockup.
- Truncation with an ellipsis should happen if the content exceeds the width of the dropdown menu.
- After this change, all users have to manually add a deploy key to the protected environments interface to give it write permission. This means this regression requires user action after it's shipped (a blog post will potentially help communicate this).
- Help text paragraphs for "protected environments" will need an update similar to protected branches (TODO)
Mockup (Figma document) |
---|
Further details
Tech/func exploration recording |
---|
Link |
Technical/functional exploration of whether the pipeline fails silently or not, and what the output is. The scenario will feature a user who is not a maintainer, able to push to a protected branch but not to a protected environment. Will use the user itself as a permission entity. |