
Comments (4)

dylan-smith commented on August 9, 2024

should also validate other things that can cause migrations to fail. e.g.:

  • token not SSO authorized
  • feature flags not flipped
  • repo must be initialized

from gh-gei.

dylan-smith commented on August 9, 2024

Had an example where inventory-report was failing for a customer with a 401 when trying to get the org owner. Probably because the PAT didn't have Full Access scope.

When a command fails because it's missing Scopes we should give a useful error message with what scopes are required for this specific command.

from gh-gei.

dylan-smith commented on August 9, 2024

The octoshift backend now does a bunch of validation for PAT permissions, but there are some things that won't validate, for example ADO PAT permissions required to rewire pipelines or integrate-boards.

from gh-gei.

timrogers commented on August 9, 2024

This is a fantastic issue, because we should definitely do what we can to validate input upfront and return great error messages.

But it'll benefit from being broken down into smaller issues covering specific kinds of credential validations we want to do.

I believe that the biggest benefit will come from validating target GitHub PATs.

That's because the calls to the target GitHub org often happen after other slow processes complete (e.g. waiting for the migration source to generate archives), so you might discover a problem with the PAT after a long wait and lots of work!

Here's the stuff that we could check up-front for a target PAT:

  1. Does the PAT have the required scopes for the operation you're trying to perform?
  2. Is the PAT SSO authorized for the organization you're trying to access?
  3. Do you have the permissions required within the organization to do the thing you're trying to do? (for most commands, this means you need to be the owner or be granted the migrator role, but there are exceptions)

When working on the above points, we should be wary of making many API requests, as we want to conserve a PAT's rate limit to avoid limiting customers' migrations.

Beyond there, there is definitely other work we could do to validate source credentials - but that feels like lower value.

from gh-gei.
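
An added example, not part of the thread and not gh-gei's code: checks 1 and 2 from the list above can both be read from the headers of a single GitHub REST response (`X-OAuth-Scopes` and `X-GitHub-SSO`), which keeps the rate-limit cost to one request. The function names are hypothetical, the required scopes are supplied by the caller rather than taken from gh-gei, and the sample headers are constructed.

```python
"""Classify one GitHub REST response for PAT pre-flight (added example)."""

# Documented classic-scope inclusions: a parent scope grants its children.
IMPLIED = {"admin:org": {"write:org", "read:org"}, "write:org": {"read:org"}}


def granted_scopes(headers):
    """Parse X-OAuth-Scopes and expand the implied child scopes."""
    raw = headers.get("x-oauth-scopes", "")
    scopes = {s.strip() for s in raw.split(",") if s.strip()}
    for scope in list(scopes):
        scopes |= IMPLIED.get(scope, set())
    return scopes


def sso_state(headers):
    """Parse X-GitHub-SSO: 'required; url=...' or 'partial-results; organizations=1,2'."""
    value = headers.get("x-github-sso", "")
    if not value:
        return None, ""
    kind, _, rest = value.partition(";")
    return kind.strip(), rest.strip().partition("=")[2]


def preflight(status, headers, required):
    """Return a list of problems; an empty list means no problem was detected."""
    headers = {k.lower(): v for k, v in headers.items()}
    if status == 401:
        return ["token rejected (401): check that it is valid and not expired"]
    problems = []
    kind, detail = sso_state(headers)
    if kind == "required":
        problems.append(f"token is not SSO authorized; authorize it at {detail}")
    elif kind == "partial-results":
        problems.append(f"token is not SSO authorized for organization ids: {detail}")
    if "x-oauth-scopes" in headers:
        missing = sorted(set(required) - granted_scopes(headers))
        if missing:
            problems.append("token is missing scopes: " + ", ".join(missing))
    else:
        problems.append("no X-OAuth-Scopes header; scopes cannot be checked from this response")
    return problems


if __name__ == "__main__":
    # Constructed sample: a 403 for a token lacking both SSO authorization and a scope.
    sample = {"X-OAuth-Scopes": "repo",
              "X-GitHub-SSO": "required; url=https://example.invalid/sso"}
    for line in preflight(403, sample, {"repo", "workflow"}):
        print(line)
```

Check 3 (owner or migrator role within the organization) is not visible in these headers and would still need its own request.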
