Skip to content

Add GitHub authz provider

Warren Gifford requested to merge bl/gh-authz into master

Created by: beyang

This PR updates the CHANGELOG.md file to describe any user-facing changes.

This adds support for GitHub repository permissions. You can enable this by setting the authorization field in the GitHubConnection.

A couple of changes in dependency packages were necessary; these are factored out as separate commits:

  • rcache: add GetMulti and SetMulti to the rcache.Cache interface
  • githuboauth: set the OAuth access token in the AuthData field
  • codehost/github: ability to pass explicit tokens to some methods to override the default token used to authenticate to the GitHub API

The actual change is in the final commit. It adds the appropriate config fields and the authz/github.Provider type. Unlike the GitLab authz provider, the GitHub authz provider requires a user to authenticate via GitHub (i.e., we don't try to infer the correct GitHub account from other SSO providers, because limitations in the GitHub API prevent us from doing so). There is also a different caching strategy than in the GitLab support that has some nice properties (lower upper bound on latency for large repository sets) and it may make sense to migrate GitLab to this in a later PR.

One outstanding TODO is to invalidate cache items when the cache TTL changes. This seems unnecessary for v0, but I will implement it in an immediate follow-up PR.

Merge request reports

Loading