pipecd icon indicating copy to clipboard operation
pipecd copied to clipboard

Published 20 hours ago verified publisher icon pipe-cd

Support GitHub teams(30+) in the single sign-on.

Open misukuro opened this issue 2 years ago • 11 comments

What would you like to be added:

In the Single sign-on feature with Github, it would be great if we could set up permissions with Role-Based Access Control, even if a user belongs to many teams (30+).

Why is this needed:

I am configuring single sign-on for access to PipeCD's Project using Github Enterprise.

The problem I am encountering is that when I assign a role such as editor on PipeCD Project to a newly created team, I get the following error.

auth-handler: Unable to find user {"error": "user (<my name>) not found in any of the 30 project teams"}

According to the github api documentation, only 30 teams are returned by default. https://docs.github.com/en/rest/reference/teams#list-teams-for-the-authenticated-user

Therefore, the current code does not seem to be able to retrieve more than 30 teams. https://github.com/pipe-cd/pipecd/blob/5c1e5197f14b71d/pkg/oauth/github/github.go#L107 https://github.com/google/go-github/blob/3e8a7f0fbe0e4402f9ad/github/teams.go#L529-L531

misukuro avatar Apr 07 '22 00:04 misukuro

@misukuro Hello. Thanks for your report. You are totally right. Currently, only 30 teams are being fetched to check. We will find a solution to solve this problem. But as a temporary solution, we can increase the PerPage value to 100.

So could you please send a pull request to explicitly specify the PerPage value in ListOptions to 100 at this line https://github.com/pipe-cd/pipecd/blob/5c1e5197f14b71d/pkg/oauth/github/github.go#L107 ?

nghialv avatar Apr 07 '22 03:04 nghialv

@misukuro Btw, if you are encountering this problem in your environment, we can have a new release immediately after having that temporary fix.

nghialv avatar Apr 07 '22 04:04 nghialv

@nghialv Hi, thanks for the quick confirmation. I have created a PR for a temporary fix. Could you please review it? https://github.com/pipe-cd/pipecd/pull/3502

misukuro avatar Apr 07 '22 06:04 misukuro

@misukuro Thank you for your contribution.

We are reviewing it now and going to make a new release after it got merged. 🙌

nghialv avatar Apr 07 '22 06:04 nghialv

@misukuro We have just released v0.27.2 which contains your patch. Please upgrade to that version to fix your described problem.

We also have just upgraded the PipeCD playground environment and confirmed that it works fine. https://play.pipecd.dev/applications?project=play (If you want you can log in to that environment to see the newest version of PipeCD)

Please let us know if you face any other issues. Thanks.

nghialv avatar Apr 07 '22 09:04 nghialv

@nghialv I upgraded my environment to v0.27.2 and confirmed that I can now log in. Thanks for your help.

misukuro avatar Apr 08 '22 01:04 misukuro

@misukuro Glad to hear that.

Thank you.

nghialv avatar Apr 08 '22 01:04 nghialv

quick question: so this issue is solved?

rfelgent avatar May 28 '22 06:05 rfelgent

quick question: so this issue is solved?

it's temporary fixed by update the pageSize of Github api request to 100 (previously 30), so if your github org's teams number is lower than that limit, it should be fine 👍

khanhtc1202 avatar May 28 '22 06:05 khanhtc1202

@khanhtc1202 ,

thx for the explanation. Yes, for me this issues is fixed :)

thx again!

rfelgent avatar May 30 '22 04:05 rfelgent

@rfelgent you are welcome 😄 Thanks for using PipeCD :)

khanhtc1202 avatar May 30 '22 05:05 khanhtc1202

This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 7 days.

github-actions[bot] avatar Nov 15 '23 00:11 github-actions[bot]

This issue was closed because it has been stalled for 7 days with no activity. Feel free to reopen if still applicable.

github-actions[bot] avatar Nov 22 '23 00:11 github-actions[bot]