packit-service icon indicating copy to clipboard operation
packit-service copied to clipboard
verified publisher icon packit

Authorization of fas group and non-collaborator github users

Open LecrisUT opened this issue 2 years ago • 2 comments

Description

The current model requires the person installing the packit app (or equivalent) to also have a fas account. This is not ideal when the packagers do not have sufficient admin privileges.

Suggestion

Introduce a few extra commands for delegating authority to pakit services:

  • Add command /packit delegate packager @github_packager
    • Make sure the person calling is a Github collaborator/owner of the repo
    • When succsesfull mark @github_packager as an equivalent admin role to packit commands, even if they have weaker repo permissions
    • The repo should then be configured because there is an admin
  • Add command /packit add packager @github_packager or equivalent CLI
    • Make an issue on packit/notification equivalent with the above, asking the Github collaborator/owner of the repo to approve/deny
  • Add command /packit verify-fas @fas_group
    • Make sure the person calling is a Github collaborator/owner of the repo and/or of the organization
    • Bind the Github group of the repo to a fas group. Search through fas group and make sure that there is a member with contributor privilege (less than admin)
    • All members/sponsors of @fas_group with configured Github account are marked admins
  • In the issue announcement ping all users with sufficient authority, and include instructions to these 2 cases

LecrisUT avatar Apr 03 '23 18:04 LecrisUT

We have discussed all the epics during our Q3 planning and with our limited capacity, we decided to focus on other ones (see the board). There are not really many users affected by this and for this small number of groups, we can still do the manual approval.

However, we are glad to help anyone with any contribution.

lbarcziova avatar Jul 03 '23 10:07 lbarcziova

After a team discussion, we didn't pick this as a top Packit team priority for the next quarter and preferred epics with bigger user benefits. Sadly, we (as the Packit team) have limited resources... If anyone wants to help us with this, we will be really glad. We are open to any collaboration and have already successfully implemented/started multiple affords thanks to people outside of the Packit team.

lachmanfrantisek avatar Sep 27 '23 14:09 lachmanfrantisek