Closed Bug 1591884 Opened 6 years ago Closed 6 years ago

Assess use of crates.io in Mozilla's GitHub organization mozilla

Categories

(mozilla.org :: Github: Administration, task)


Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: janerik, Assigned: hwine)

Attachments

(1 file)

I want to use the crates.io in mozilla for the following reasons:

I want team access to multiple crates instead of adding individual people.
Team: https://github.com/orgs/mozilla/teams/glean

Docs:

Below are my answers to your stock questions:

** Which repositories do you want to have access? (all or list)

https://github.com/mozilla/glean (contains multiple Rust crates)

** Are any of those repositories private?

No

** Provide link to vendor's description of permissions needed and why

Providing access to a Rust crate on crates.io to a team:
https://doc.rust-lang.org/cargo/reference/publishing.html#cargo-owner

** Provide the Install link for a GitHub app

No install link, crates.io requests the permissions

@janerik - an owner of the crate is the one who can add the team to the owner's list. It's not something an owner can do.

Since this interaction only impacts the specific repository, it's the repo admins who make the decision. There is no security impact to the organization.

Assignee: nobody → hwine
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(jrediger)
Resolution: --- → FIXED

:hwine, unfortunately this is not limited to our own repository where we would have control over it.
crates.io needs to read the organization's team structure to allow a specific team for a specific crate.

The error message I'm getting:

$ cargo owner --add github:mozilla:glean glean
    Updating crates.io index
error: failed to invite owners to crate glean: api errors (status 200 OK): It looks like you don't have permission to query a necessary property from Github to complete this request. You may need to re-authenticate on crates.io to grant permission to read github org memberships. Just go to https://crates.io/login

This leads me to believe this is an org-wide permission that's missing.
If that's not desired, then I'll move ahead and will add individual people to the crate.

Flags: needinfo?(jrediger) → needinfo?(hwine)

Odd, as long as you're logged in to GitHub with the account you use in mozilla, you have permissions to view the membership & teams.

Sounds like a bug in cargo -- do they have a --debug output or similar?

Status: RESOLVED → REOPENED
Flags: needinfo?(hwine) → needinfo?(jrediger)
Resolution: FIXED → ---

Hm, I go through the whole login process again (already did that, but ... turning it off and on again helped so often, it might as well do its job here).

Flags: needinfo?(jrediger)
Attached image 2b97945beb.png

I revoked crates.io OAuth access in my GitHub account and thus forced a completely new OAuth process on crates.io afterwards.

It then showed me the different permissions for the orgs I'm in.
As shown in the attached screenshot, I'm getting a "The application cannot access this organization's private data or modify its public data" message for the Mozilla group.

Cargo still gives me the same error message afterwards, meaning I can't add the Glean team, part of the Mozilla org, as a crates owner.

For now I'm going to invite individuals, but maybe it's still possible to enable shared team access.

Flags: needinfo?(hwine)

:janerik - thanks for the followup -- this is an issue with crates.io. Their support may be able to provide a workaround, such as "you only need 'owner' for the duration of running the command".

Please reopen if you get additional information.

Status: REOPENED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(hwine)
Resolution: --- → FIXED