Handle the absence of write:org access gracefully #8

Open
ruuda opened this issue Feb 14, 2023 · 0 comments
Labels
bootcamp Good for newcomers

Comments

@ruuda
Contributor

ruuda commented Feb 14, 2023

Currently, to scan a GitHub organization, we need write access to the organization:

* "admin:org", which when checked implies both "read:org" and "write:org".
This application does not modify the organization, but some organization-wide
settings, such as the default repository permission, can only be read with
the full "admin:org" permission, and not with "read:org".

Unfortunately the GitHub API works this way, so to check the default repository permissions, we need admin:org on the token. However, if we have a token that doesn’t have admin:org, we could handle that gracefully and just not verify the organization-wide settings, and still verify everything else.

I would feel much more comfortable running this on an automated schedule with an access token that only grants read-only access.

@ruuda ruuda added the bootcamp Good for newcomers label Feb 14, 2023
@ruuda ruuda changed the title from "Handle the absence of admin access gracefully" to "Handle the absence of write:org access gracefully" Feb 14, 2023
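
One way to do what the issue asks, as an added example that is not part of the original issue or the project's code: read the scopes GitHub reports for a classic token in the `X-OAuth-Scopes` response header and skip, rather than fail on, any check whose scope is missing. The check names and the `read:org` requirements are assumptions; only the `admin:org` requirement for the default repository permission comes from the issue.

```python
# Added example, not the scanner's code. Check names are hypothetical.
SCOPES_HEADER = "x-oauth-scopes"  # GitHub lists a classic token's scopes here

# Per the text quoted in the issue, admin:org implies read:org and write:org.
IMPLIES = {"admin:org": {"read:org", "write:org"}}

# Hypothetical check -> scope it needs. Only the last pairing is from the issue.
REQUIRED_SCOPE = {
    "organization_members": "read:org",
    "team_memberships": "read:org",
    "default_repository_permission": "admin:org",
}


def granted_scopes(headers):
    """Parse the scopes header (case-insensitive name) into an expanded set."""
    lowered = {name.lower(): value for name, value in headers.items()}
    raw = lowered.get(SCOPES_HEADER, "")
    scopes = {s.strip() for s in raw.split(",") if s.strip()}
    for scope in list(scopes):
        scopes |= IMPLIES.get(scope, set())
    return scopes


def plan_checks(headers):
    """Return (checks to run, {skipped check: reason}) instead of aborting."""
    scopes = granted_scopes(headers)
    run, skipped = [], {}
    for check, needed in REQUIRED_SCOPE.items():
        if needed in scopes:
            run.append(check)
        else:
            skipped[check] = f"token lacks {needed}; not verified"
    return run, skipped


# Constructed response headers for a read-only token and an admin token.
READ_ONLY = {"X-OAuth-Scopes": "read:org, repo"}
ADMIN = {"X-OAuth-Scopes": "admin:org, repo"}

if __name__ == "__main__":
    for label, headers in (("read-only", READ_ONLY), ("admin", ADMIN)):
        run, skipped = plan_checks(headers)
        print(label, "run:", run)
        for check, reason in skipped.items():
            print(label, "SKIPPED", check, "-", reason)
```

Reporting the skipped checks alongside the results keeps a read-only scheduled run from looking like a full verification.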