
Explicit validation of PAT permissions

Open dylan-smith opened this issue 4 years ago • 4 comments

Right now if a PAT doesn't have the right permissions, some of the API calls will just crash and spit out a stack trace.

Would probably be a nicer experience if the tooling started by explicitly validating the PAT(s) had the necessary permissions, and giving user-friendly error messages if they didn't.

dylan-smith avatar Oct 16 '21 06:10 dylan-smith

Should also validate other things that can cause migrations to fail, e.g.:

  • token not SSO authorized
  • feature flags not flipped
  • repo must be initialized

dylan-smith avatar Jan 23 '22 02:01 dylan-smith

Had an example where inventory-report was failing for a customer with a 401 when trying to get the org owner. Probably because the PAT didn't have Full Access scope.

When a command fails because it's missing scopes we should give a useful error message with what scopes are required for this specific command.

dylan-smith avatar Sep 01 '22 21:09 dylan-smith

The octoshift backend now does a bunch of validation for PAT permissions, but there are some things that won't validate, for example ADO PAT permissions required to rewire pipelines or integrate-boards.

dylan-smith avatar Nov 05 '22 16:11 dylan-smith

This is a fantastic issue, because we should definitely do what we can to validate input upfront and return great error messages.

But it'll benefit from being broken down into smaller issues covering specific kinds of credential validations we want to do.

I believe that the biggest benefit will come from validating target GitHub PATs.

That's because the calls to the target GitHub org often happen after other slow processes complete (e.g. waiting for the migration source to generate archives), so you might discover a problem with the PAT after a long wait and lots of work!

Here's the stuff that we could check up-front for a target PAT:

  1. Does the PAT have the required scopes for the operation you're trying to perform?
  2. Is the PAT SSO authorized for the organization you're trying to access?
  3. Do you have the permissions required within the organization to do the thing you're trying to do? (for most commands, this means you need to be the owner or be granted the migrator role, but there are exceptions)

When working on the above points, we should be wary of making many API requests, as we want to conserve a PAT's rate limit to avoid limiting customers' migrations.

Beyond that, there is definitely other work we could do to validate source credentials - but that feels like lower value.

timrogers avatar May 22 '23 17:05 timrogers
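As an added example (not gh-gei's own code), here is what a preflight along the lines of points 1 and 2 above can look like when it costs exactly one request: the headers of a single authenticated `GET /orgs/{org}` call carry the classic PAT's granted scopes (`X-OAuth-Scopes`), the SSO-authorization requirement on a 403 (`X-GitHub-SSO: required; url=...`), and the remaining rate limit. The command-to-scope table, the partial scope hierarchy and the sample headers below are constructed for illustration and are not the project's real requirements.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Assumed mapping of gh-gei command -> classic PAT scopes it needs (illustrative
# only; the real per-command requirements are not stated on this page).
REQUIRED_SCOPES: Dict[str, Set[str]] = {
    "migrate-repo": {"repo", "admin:org", "workflow"},
    "inventory-report": {"repo", "read:org"},
}
# Classic scopes form a hierarchy: a broader scope satisfies the narrower ones.
# Only the org family is modelled here (partial, illustrative).
SCOPE_IMPLIES = {"admin:org": {"write:org", "read:org"}, "write:org": {"read:org"}}


@dataclass
class PatCheck:
    ok: bool
    message: str = ""
    missing_scopes: Set[str] = field(default_factory=set)
    sso_required: bool = False
    rate_remaining: Optional[int] = None


def granted_scopes(header_value: str) -> Set[str]:
    """Expand 'repo, admin:org' into every scope the token effectively holds."""
    scopes = {s.strip() for s in header_value.split(",") if s.strip()}
    for scope in list(scopes):
        scopes |= SCOPE_IMPLIES.get(scope, set())
    return scopes


def check_pat(command: str, status: int, headers: Dict[str, str]) -> PatCheck:
    """Interpret one GET /orgs/{org} response; no further API calls are made."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    remaining = int(h["x-ratelimit-remaining"]) if "x-ratelimit-remaining" in h else None
    if status == 401:
        return PatCheck(False, "PAT rejected (401): token invalid, expired or revoked.",
                        rate_remaining=remaining)
    sso = h.get("x-github-sso", "")
    if status == 403 and sso.startswith("required"):
        return PatCheck(False, f"PAT is not SSO-authorized for this org; authorize it via: {sso}",
                        sso_required=True, rate_remaining=remaining)
    missing = REQUIRED_SCOPES[command] - granted_scopes(h.get("x-oauth-scopes", ""))
    if missing:
        return PatCheck(False, f"PAT lacks scopes required by '{command}': "
                        + ", ".join(sorted(missing)), missing_scopes=missing,
                        rate_remaining=remaining)
    return PatCheck(True, "PAT looks usable.", rate_remaining=remaining)
```

Point 3 (org owner or migrator role) still needs a membership lookup, so it is the one check that costs a further request.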