Comments (4)
should also validate other things that can cause migrations to fail. e.g.:
- token not SSO authorized
- feature flags not flipped
- repo must be initialized
from gh-gei.
Had an example where `inventory-report` was failing for a customer with a 401 when trying to get the org owner. Probably because the PAT didn't have Full Access scope.
When a command fails because it's missing Scopes we should give a useful error message with what scopes are required for this specific command.
from gh-gei.
The octoshift backend now does a bunch of validation for PAT permissions, but there are some things that won't validate, for example ADO PAT permissions required to rewire pipelines or integrate-boards.
from gh-gei.
This is a fantastic issue, because we should definitely do what we can to validate input upfront and return great error messages.
But it'll benefit from being broken down into smaller issues covering specific kinds of credential validations we want to do.
I believe that the biggest benefit will come from validating target GitHub PATs.
That's because the calls to the target GitHub org often happen after other slow processes complete (e.g. waiting for the migration source to generate archives), so you might discover a problem with the PAT after a long wait and lots of work!
Here's the stuff that we could check up-front for a target PAT:
- Does the PAT have the required scopes for the operation you're trying to perform?
- Is the PAT SSO authorized for the organization you're trying to access?
- Do you have the permissions required within the organization to do the thing you're trying to do? (for most commands, this means you need to be the owner or be granted the migrator role, but there are exceptions)
When working on the above points, we should be wary of making many API requests, as we want to conserve a PAT's rate limit to avoid limiting customers' migrations.
Beyond there, there is definitely other work we could do to validate source credentials - but that feels like lower value.
from gh-gei.
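The scope and SSO checks listed in the last comment can both be read from the headers of a single API response, which keeps the rate-limit cost to one request. The sketch below is an added example, not code from gh-gei: the `X-OAuth-Scopes` and `X-GitHub-SSO` header names are GitHub's, while `REQUIRED_SCOPES`, the function names and the sample values are assumptions for illustration.

```python
# Added example: classify one GitHub API response for target-PAT problems.
# REQUIRED_SCOPES and the sample header values are constructed assumptions.
REQUIRED_SCOPES = {"repo", "admin:org", "workflow"}  # assumed set for a migrate command

# Parent scope -> scopes it implies (subset of the classic-PAT scope hierarchy).
IMPLIES = {
    "admin:org": {"write:org", "read:org"},
    "write:org": {"read:org"},
    "repo": {"repo:status", "repo_deployment", "public_repo", "security_events"},
}

def effective_scopes(value):
    """Expand a comma-separated X-OAuth-Scopes value with implied child scopes."""
    granted = {s.strip() for s in value.split(",") if s.strip()}
    for scope in list(granted):
        granted |= IMPLIES.get(scope, set())
    return granted

def parse_sso(value):
    """Parse 'required; url=...' or 'partial-results; organizations=1,2'."""
    kind, _, rest = value.partition(";")
    params = dict(p.strip().split("=", 1) for p in rest.split(";") if "=" in p)
    return kind.strip(), params

def preflight(command, status, headers, required=REQUIRED_SCOPES):
    """Return (code, message) problems found in one response; [] means none."""
    h = {k.lower(): v for k, v in headers.items()}
    if status == 401:
        return [("bad_token", f"{command}: token is invalid, expired or revoked")]
    problems = []
    kind, params = parse_sso(h.get("x-github-sso", ""))
    if kind == "required":
        problems.append(("sso", f"{command}: authorize the token for SSO at "
                         f"{params.get('url', '(no URL returned)')}"))
    elif kind == "partial-results":
        problems.append(("sso_partial", f"{command}: token not SSO authorized for "
                         f"org ids {params.get('organizations', '?')}"))
    if "x-oauth-scopes" not in h:
        # Some token types report no scopes; say so instead of guessing.
        problems.append(("scopes_unknown", f"{command}: scopes not reported"))
    else:
        missing = sorted(set(required) - effective_scopes(h["x-oauth-scopes"]))
        if missing:
            problems.append(("missing_scopes", f"{command}: token lacks {missing}; "
                             f"this command needs {sorted(required)}"))
    return problems
```

Organization-level permissions (owner or migrator role) are not visible in these headers and would need a separate check.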