omniauth-digitalocean icon indicating copy to clipboard operation
omniauth-digitalocean copied to clipboard

Published 20 hours ago verified publisher icon digitalocean

Access only to specific resources

Open collimarco opened this issue 4 years ago • 1 comments

Hello,

is it possible to use DigitalOcean oauth (e.g. this official gem) to grant access only to specific resources (and not to the entire account)?

For example, think about a CI/CD service that needs to deploy to a Kubernetes cluster hosted on Digitalocean: how can it access ONLY to it? What do you recommend?

It might appear scary for the user to grant access to the whole account.

collimarco avatar Jan 22 '21 18:01 collimarco

Hey @collimarco,

It currently is not – as of today, you can only set a read or write scope for the API token generated as part of the OAuth flow.

I agree that it's scary for the user to grant access to whole account. More granular access control is a feature that is on our roadmap, but I'm not sure when or how long it will take for it to be available. I'll update this ticket as we make progress on this functionality.

bentranter avatar Jan 22 '21 19:01 bentranter