[Feature request] Add a write_repository access scope for deploy tokens
I'm using flux2 to deploy applications on Kubernetes, as recommended in the GitLab docs.
On many projects I'm using flux image automation, which needs write access to the git repositories used for gitops.
I can use deploy tokens to read the registries, but not to write to the git repositories: read_repository is the only scope allowed for deploy tokens.
I cannot use deploy keys (which have a write_repository scope), because corporate policy forbids external SSH access to my GitLab instance.
Actually I'm using project tokens, but they now need to be rotated, and that implies rotating the tokens on the projects and rotating the corresponding sealed secrets in the git repositories, and I won't be able to automatize that.
Flux to GitLab access management (#389393) won't solve my problem, since it's about rotating the deploy key used during Flux installation and not deploy tokens or tokens used with image automation.
Deploy tokens already have write_registry and write_package_registry scopes, and deploy keys also have a write_repository scope, so I thought that perhaps adding a write_repository scope to deploy tokens could be acceptable...