Is there a way to synchronize project members in phabricator automatically for example using REST API?
This is not currently supported. Feel free to file a request here describing your use case:
https://secure.phabricator.com/maniphest/task/create/
See also:
https://secure.phabricator.com/T3980 (Support "LDAP group" in policy infrastructure)
Related
Seeking input from anyone who has done this before.
We need to create additional organizations in GitHub that will be accessible to different groups of users so we moved to the Enterprise Cloud implementation. Our single Org will be moved into the Enterprise to absorb the seats into our Enterprise licenses.
We are using SAML SSO on our current org. I would like to setup a separate IdP definition for the Enterprise SSO configuration to start with and migrate the org users to the enterprise at a later time. Will this work as described?
I realize there may be some action innersource issues for private repos. But I think those just need to be changed to Internal.
If you have performed a similar migration, did you run into any unexpected issues? Do you have any tips to avoid any nasty hiccups?
The answer from their support groups is no, this will not work.
"configuring SSO at the Enterprise will overwrite SSO for all organizations under it."
I want to add a group/user to an Azure DevOps project with just access to repositories and pipelines.
If I deny "View project-level information" they don't have access to the project at all.
If I allow the "View project-level information" it gives them a read-only access to the Project Settings including permissions to see users and members of other groups etc.
It seems unbelievable that such a basic security and privacy hole exists.
Am I missing something in the config because I have never seen this in any other application and I find it hard to believe that everyone else using Azure DevOps finds this acceptable.
The easiest equivalent is GitHub (that Microsoft now owns) and you can't see the project settings if you are just a contributor.
How do I give external contractors access to the project to work but prevent them from viewing the Project Settings?
There is no possibility to restrict access to the Team Project - Project Settings page. The only thing that comes close is the feature that is now in preview: Limit user visibility and collaboration to specific projects, which will enable you to restrict access to the Organization Settings. You could suggest this feature in the Microsoft Developer Community.
In Azure devops is it possible to grant access (read-only) to a repo in a project without the user having access to the project containing the repo?
We want to use the repo basically as a file share with clients that shouldn't be able to see all our code/scripts/pipelines etc that exist in the parent project and other repos.
As stakeholder access on the project and Reader rights on the repo they had too much access to the project. Removing them from the project and creating a new group with limited repo rights they got to a forbidden, access denied screen which makes me think they have to have access to the project.
My testing is limited because of corporate environment I am unable to create additional users/emails and don't want to have to keep asking co-workers to test every change I could try.
Azure DevOps is designed to enable all valid users to view all objects defined in the system. You can restrict access to specific resources by setting the permission state to Deny.
So not quite sure if this specific requirement is achievable. The closest you could probably get to is this: Assign read-only rights to a single repository in Azure DevOps.
Here is a very similar idea on Developer Community from 2019: Restrict access to dev ops functionality for a guest user. One more resolved post: Restrict access to specific objects in DevOps.
If you think this implementing this suggestion can benefit others in the Community as well, do request it as a new feature on Developer Community for Azure DevOps.
Also go through the elaborate documentation available for configuring ADO granular security controls and check if changing individual permission at the project-level helps.
For every repository there are two "commit mention" settings enabled by default.
Is there a way to disable one of these or both by default (per project or even org) when a new repo is created?
I did not find any project or org setting in the web ui. Can this maybe done using some rest api?
Thank you
Instead of manually changing these options you can use the very same API as the WebUI does:
Endpoint:
https://dev.azure.com/{ORG}/{PROJECT-ID}/_api/_versioncontrol/UpdateRepositoryOption?__v=5&repositoryId={REPO-ID}
Request Type:
POST
Payload:
{"key":"WitResolutionMentionsEnabled","value": <true|false>}
Project ID and REPO ID (hash values) can be extracted either using the Developer Tools in your browser or using the Python API Wrapper.
I searched and tried with the related REST API (Repositories - Update) and Azure CLI (az repos), but did not find any available interface can change two option on repository settings.
Looks like, currently we have no available method to change the options of repository settings in batches. You may need to manually change these options.
If your projects really need this feature, I recommend that you can report a feature request on Developer Community. That will allow you to directly interact with the appropriate product team, and make it more convenient for the product team to collect and categorize your suggestions.
We run Google Cloud Functions (python), which require to be deployed from Google Cloud Source Repository. Since all the code is stored on GitHub we resort to first mirroring GitHub into Source Repository. Although this only requires a few mouse clicks, it becomes a burden to repeat over 3+ projects (dev, staging, production) times 5+ repos (5+ apps).
I am looking to automate the mirroring config, preferably to add into the Terraform automation we already use, into a hands-off project configuration. Does the Google API support this mirroring automation? So far on my Google Cloud expedition everything was available in their API!
I fail to find Terraform examples though, and would appreciate a tip.
Come to think of it, if I can take Source Repository out of the equation, that would be just fine with me too. After all, I only use it as a pass-through / empty shell.
The Cloud Source Repository API includes a Repo resource that has a Mirror Config object where you could type in your Github's URL, webhook and credentials to automate this procedure. I would initially test it with the create method, but if you have an existing Cloud Source Repository I believe the patch method will also be worth exploring.
Additionally, there is an open Feature Request in order to connect a repository via the Cloud Build GitHub App that I recommend you to star and follow, as it could further ease your automation needs.