-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: proposal for enhancing scoped repository credentials #18290
docs: proposal for enhancing scoped repository credentials #18290
Conversation
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
9e31080
to
4253314
Compare
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
For the sake of time and simplicity, we will not do any modifications of `repo-creds` secrets for this proposal. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Implementation of argoproj#18290 Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Feedback from contributors' meeting, part one. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
In my case, with appProject as the standard for multi-tenant isolation (a department, or a devops team, or a deployment environment), we added the same git repository to different AppProjects (even though the git repository credentials were the same). For example, team A synchronizes repo/pathA (deploy application to dev) and Team B synchronizes repo/pathB(deploy application to prod). So there are two possible scenarios: The same repoUrl can be created multiple times, as long as their credential information is different |
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
@yyzxw that is a reasonable request and would be supported by this proposal. The proposal intends to implement
Whether the credentials are same or not would not matter; as long as they are in different projects that would still work. |
Implementation of argoproj#18290 Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As long as it has ensured backward compatibility, I think it is the proposal is quite legit to put into action.
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Thanks @wanghong230 and @christianh814! I clarified some sections in regards to backwards compatibility - the gist of it being that nothing will change unless there are multiple repo secrets sharing the same URL. |
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
|
||
* If there is only one matching repository with the same URL and assuming the user is allowed to access it, use that repository | ||
whether it is project-scoped or not. This is inline with the current behavior. | ||
* If there are multiple repositories with the same URL and assuming the user is allowed to access them, then setting a |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* If there are multiple repositories with the same URL and assuming the user is allowed to access them, then setting a | |
* If there are multiple repositories with the same URL and assuming the user is allowed to access them, then setting a |
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for resolving all comments @blakepettersson !
…18290) * docs: proposal for enhancing scoped repository credentials Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: flesh out section on project matching Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: scope down proposal For the sake of time and simplicity, we will not do any modifications of `repo-creds` secrets for this proposal. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: added feedback Feedback from contributors' meeting, part one. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: modification date Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: remove use cases Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: spec update Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: clarify backward-compatability Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: further clarification of backwards compatibility Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: behavior in line with current impl Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: add reviewers Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com> Signed-off-by: rumstead <37445536+rumstead@users.noreply.github.com>
* feat: project-scoped repo cred improvements Implementation of #18290 Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: missed a test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * wip project key changes Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: update mocks Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix tests Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: equivalence even if project is empty Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: wip delete Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * refactor: remove repositorydb Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: improve logging Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: pass project to getrepository Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix failing test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: compare with project secret instead of app secret Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: get repository needs same logic as delete Need to update the spec accordingly. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * feat: add project flag to repo rm command Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: make codegen Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix failing test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: more failing tests Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: minor cleanups Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: propagate project from ui Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: add new test cases Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: code review, improve formulation Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * refactor: address cr feedback Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
…18290) * docs: proposal for enhancing scoped repository credentials Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: flesh out section on project matching Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: scope down proposal For the sake of time and simplicity, we will not do any modifications of `repo-creds` secrets for this proposal. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: added feedback Feedback from contributors' meeting, part one. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: modification date Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: remove use cases Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: spec update Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: clarify backward-compatability Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: further clarification of backwards compatibility Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: behavior in line with current impl Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: add reviewers Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* feat: project-scoped repo cred improvements Implementation of argoproj#18290 Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: missed a test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * wip project key changes Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: update mocks Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix tests Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: equivalence even if project is empty Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: wip delete Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * refactor: remove repositorydb Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: improve logging Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: pass project to getrepository Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix failing test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: compare with project secret instead of app secret Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: get repository needs same logic as delete Need to update the spec accordingly. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * feat: add project flag to repo rm command Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: make codegen Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix failing test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: more failing tests Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: minor cleanups Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: propagate project from ui Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: add new test cases Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: code review, improve formulation Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * refactor: address cr feedback Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
…18290) * docs: proposal for enhancing scoped repository credentials Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: flesh out section on project matching Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: scope down proposal For the sake of time and simplicity, we will not do any modifications of `repo-creds` secrets for this proposal. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: added feedback Feedback from contributors' meeting, part one. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: modification date Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: remove use cases Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: spec update Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: clarify backward-compatability Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: further clarification of backwards compatibility Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: behavior in line with current impl Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: add reviewers Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* feat: project-scoped repo cred improvements Implementation of argoproj#18290 Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: missed a test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * wip project key changes Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: update mocks Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix tests Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: equivalence even if project is empty Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: wip delete Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * refactor: remove repositorydb Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: improve logging Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: pass project to getrepository Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix failing test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: compare with project secret instead of app secret Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: get repository needs same logic as delete Need to update the spec accordingly. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * feat: add project flag to repo rm command Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: make codegen Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix failing test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: more failing tests Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: minor cleanups Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: propagate project from ui Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: add new test cases Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: code review, improve formulation Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * refactor: address cr feedback Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
…18290) * docs: proposal for enhancing scoped repository credentials Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: flesh out section on project matching Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: scope down proposal For the sake of time and simplicity, we will not do any modifications of `repo-creds` secrets for this proposal. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: added feedback Feedback from contributors' meeting, part one. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: modification date Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: remove use cases Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: spec update Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: clarify backward-compatability Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: further clarification of backwards compatibility Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: behavior in line with current impl Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: add reviewers Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * Update docs/proposals/project-scoped-repository-enhancements.md Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Josh Soref <2119212+jsoref@users.noreply.github.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
* feat: project-scoped repo cred improvements Implementation of argoproj#18290 Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: missed a test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * wip project key changes Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: update mocks Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix tests Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: equivalence even if project is empty Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: wip delete Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * refactor: remove repositorydb Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: improve logging Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: pass project to getrepository Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix failing test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: compare with project secret instead of app secret Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * fix: get repository needs same logic as delete Need to update the spec accordingly. Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * feat: add project flag to repo rm command Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * docs: make codegen Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: fix failing test Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: more failing tests Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: minor cleanups Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: propagate project from ui Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * test: add new test cases Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * chore: code review, improve formulation Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> * refactor: address cr feedback Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> --------- Signed-off-by: Blake Pettersson <blake.pettersson@gmail.com> Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Fixes #9581
Fixes #17897
Checklist: