feat: Support team owners for conftest policies #2953
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DazWorrall
force-pushed
the
approver-from-teams
branch
from
107e58e to
872afff
Compare
nitrocode
reviewed
Jan 9, 2023
krrrr38
reviewed
Jan 9, 2023
| teams := []string{} | ||
|
|
||
| // Only query the users team membership if any teams have been configured as owners. | ||
| if prjCmds[0].PolicySets.HasTeamOwners() { |
There was a problem hiding this comment.
nice check 👍
📝 if teams setting is empty, not call api. so no breaking changes even if existed github-app doesn't have members:read permission.
|
If possible, please add
Once you edit this file and add into this PR, you can see preview from the github-action |
nitrocode
reviewed
Jan 10, 2023
DazWorrall
force-pushed
the
approver-from-teams
branch
from
872afff to
05216f2
Compare
DazWorrall
commented
Jan 10, 2023
There was a problem hiding this comment.
- Added tests based on feat(tests): Add ApprovePoliciesCommandRunner owner tests #2955
- Updated docs
- Re-tested
| @@ -57,6 +57,8 @@ GitHub App needs these permissions. These are automatically set when a GitHub ap | |||
|
|
|||
| ::: tip NOTE | |||
| Since v0.19.7, a new permission for `Administration` has been added. If you have already created a GitHub app, updating Atlantis to v0.19.7 will not automatically add this permission, so you will need to set it manually. | |||
|
|
|||
| Since v0.22.3, a new permission for `Members` has been added, which is required for features that apply permissions to an organizations team members rather than individual users. Like the `Administration` permission above, updating Atlantis will not automatically add this permission, so if you wish to features that rely on checking team membership you will need to add this manually. | |||
There was a problem hiding this comment.
v0.22.3
This is the next patch release number, not sure if this will end up being the correct version.
DazWorrall
force-pushed
the
approver-from-teams
branch
from
05216f2 to
40fe231
Compare
krrrr38
reviewed
Jan 10, 2023
DazWorrall
force-pushed
the
approver-from-teams
branch
from
40fe231 to
9e9392b
Compare
DazWorrall
force-pushed
the
approver-from-teams
branch
from
9e9392b to
23318fb
Compare
nitrocode
changed the title
|
@nitrocode is this still |
krrrr38
approved these changes
Jan 10, 2023
nitrocode
approved these changes
Jan 10, 2023
|
sorry if this is a dumb question but this works for teams under an org right? like i can do "owners": { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
what
In addition to a list of usernames, support checking team membership when validating a particular user can approve policy violations. The new code path is only executed if team membership is configured, so it's a low impact change for existing installations.
This also documents a missing GitHub app permission -
GetTeamNamesForUserwas added in #1694 and requires themembers:readscope, I had to add that to my GitHub app to test this feature.I need to make some doc updates for this, but wanted to get some feedback on the code first.docs updatedwhy
Maintaining a list of users by hand is a lot of toil for larger orgs.
tests
references