►
A
B
B
C
C
C
C
A
D
Yeah,
so
my
idea
was,
since
we
can't
use
well
since
we're
unable
to
use
an
external
file.
This
is
all
on
the
assumption
that
it's
being
group
level,
we
can't
use
anything
in
a
repo,
and
so
we've
got
a
fairly
similar,
similar
process
at
the
moment
where
we
receive
configuration
from
caz
about
ci
access-
and
this
is
actually
very
similar-
I
was
thinking
we
could
extend
this
to
work
as
a
double
opt-in
mechanism
for
github's
access.
D
D
That
way,
we
can
show
them
in
a
ui
somewhere
on
project
and
group
level.
Someone
can
approve
them
and
then,
once
they're
approved,
when
the
check
is
performed,
whether
a
agent
has
access
to
a
project.
We
can
just
look
for
the
presence
of
an
approved
record
here
for
the
project
or
the
group,
a
group
above
it,
and
this
is
simpler
than
ci
access,
because
we
don't
have
any
of
the
performance
problems
that
we
had
to
kind
of
put
in
place.
Restrictions
for
in
ci
access.
D
A
A
So,
if
understood
correctly,
like
I
said
as
soon
as
someone
at
edits
the
agent
config,
this
will
dispatch
like
a
record
in
a
database
which
is
like
a
access
request
and
then,
when
someone
approves
the
access
request,
I
was
thinking
this
could
be
like
the
same
that
we
have
nowadays.
So
it's
just
like
it
would
add
authoritization
record
to
the
database
on
the
group-
authorization
for
instance
table
and
then
it's
all
the
same.
D
Yeah,
so
that
would
totally
work
for
get
ops
and
the
issue
with
ci
access
is
the
performance
problem
I
mean
for
a
small
group,
it
absolutely
would
work,
but
we
would
have
to
test
it
out.
I'm
sure,
there's
some
groups
out
there
with
huge
numbers
of
projects
and
the
problem
with
this
is
they
are
every
project.
Is
a
potential
agent
configuration
project?
Obviously
not
a
lot
of
them
will
be,
but
it
doesn't
really
help
with
the
search.
So
we
can
try,
but
we
might.
D
A
And
there's
also
a
follow-up
question
that
I
didn't
write
if
you
allow
me
to
to
keep
the
discussion
going
here,
because
there
is
this
like
requirement
where
we
expect
that
it
works
exactly
like
this.
What
to
exclaim
explain
right
now
for
projects
that
would
be
like
under
a
certain
route
level
name
space,
and
then
the
agent
can
be
configured
to
anyone
under
that
root
level.
A
A
D
Yeah,
so
this
is
where
it
got
a
bit
unclear.
Technically,
it
would
still
work,
but
it
feels
wrong
to
have
to
be
able
to
just
link
these
things
completely
with
it
without
some
kind
of
other
process
in
place
so
yeah.
I
think
the
process
would
still
be
the
same,
but
we
would
need
another
layer
on
top
for
determining
if
the
group
or
determining
the
access
between
them,
even
though
it's
self-managed,
we
can't
assume
that
access
will
be
implicit.
D
A
D
I
I
well,
I
think
so,
even
if
you
so
assuming
self-managed,
it
doesn't
necessarily
imply
that
one
company
right
or
one
set
of
users
that
should
have
access
to
everything,
and
I
thought
it
would
be
odd
if
you
had
two
top-level
name
spaces
on
self-managed
and
you
could
fill
an
authorization
screen
from
one
in
one
group
from
a
completely
different
top
level
space
with
users
that
aren't
common
between
them.
They
could
be
completely
separate.
D
So
I
think
the
self-managed
doesn't
necessarily
imply
same
company,
because
there
are
things
like
you
know:
open
source
projects
that
use
the
gitlab
for
many
different
things
and
you
they
still
have
open
sign
up
so
yeah.
I
think
it
might
need
something
else,
so
that
mainly
so
we
can't
just
have
we
don't
get
groups
that
get
spammed
with
also
authorization
requests
from
groups
that
have
no
relation
to
whatsoever,
but.
C
B
C
D
Oh,
I
was
gonna
say
it
would
be,
it
would
be
frustrating
as
a
group
owner
to
just
have
constant
requests
coming
in
that
you
knew
nothing
about
and
were
never
planning
on
accepting,
and
you
just
had
pages
and
pages
of
them
that
you
had
to
sift
through
to
use
your
own
to
accept
your
own
requests.
You.
C
A
But
I
also
like,
I
think
the
query
for
ci
will
be
even
crazier
if
we
allow
for
anyone
even
outside
of
the
root
level.
Namespace
right,
the
query
is
even
more
challenging
because
now
it's
suddenly
everyone.
So
it's
if
you
have
some
kind
of
different
authorization,
that's
more
like
one-to-one
thing.
You
know
then
yeah
yeah,
something
that
you
can
collect
the
list
of
authorizations
for
that
agent
if
this
is
recorded
somewhere
for
that
project.
If
this
is
recorded.
D
A
B
D
Maybe
it's
a
group
level
opt
out
and
if
you
toggle
this
flag,
then
your
group
cannot
be
cannot
be
configured.
You'll
never
have
requests
show,
but
I
can
also
see
if
the
next
feature
request.
On
top
of
that
will
be.
I
want
my
group
to
opt
out
of
every
thing
that
I
don't
know
about
ahead
of
time
and
then
we've
kind
of
gone
full
circle.
B
I've
even
received
spam
requests
to
some
of
my
projects
for
member
access,
and
they
worry
like
for
gitlab
projects,
even
like
some
people
are
like
hey,
give
me
developer
access
to
this
thing.
I've
seen
that
too
yeah
yeah.
So
I'm
wondering
if
there
is
a
solution
there,
like,
I
feel
like
with
users.
We
solve
it
by
just
banning
them.
C
A
B
Yeah
yeah
yeah,
so
this
is
something
that
victor
was
talking.
He
mentioned
this
in
respect
to
my
question
about
it
was.
It
was
basically
the
same
thing
I
was
thinking
like.
I
was
thinking
about
cross
group
requests
and
thinking
like
if
you
were
a
certain
level,
then
you
could
auto
like
we
would
need
to
approve,
because,
because
of
where
your
request
was
coming
from,
it
would
be
safe
to
auto,
approve
it.
B
But
in
response
to
that
point,
victor
said
that
he
wanted
core
to
not
have
approvals
at
all,
so
that
somewhat
actually
negates
the
whole.
Like
you
know,
gnome
kitty
debian,
all
of
those
would
be
core
and
they
would
not
have
approvals
at
all
like
they
would
just
auto,
have
auto
accepted
across
group
sharing.
A
I
think
I
think
we're
talking
by
about
self-managed,
I
think,
for
home.
We
want
yeah,
then
you
and
no
actually
for
dot
com.
So
if
you
dot
com,
you
have
the
your
company's
hierarchy
and
we
need
to
be
strict
about
the
company's
hierarchy
request.
So
when
you
try
to
request
something,
you
should
check,
is
it
under
your
hierarchy
or
not?
Otherwise,
you
failed
the
request.
Before
the
request
even
is
created,
you
fear
the
person
and
then,
if
you
add
some
something
that's
inside
of
your
company,
then
the
access
is
granted.
A
So
this
would
be
like
first
iteration.
I
think
that's
what
we
thought
so
because
it's
easier
to
start
and
create
less
work
in
dealing
with
with
settings,
so
self-manage
would
be
also
the
same.
Let's
understand,
but
can
we
can
it
be
the
same
if
you,
if
we
have
this
problem
of
not
being
the
same
company
for
self-managed,
if
you
have
more
than
one
company
self-managed
as
well,
then
the
requirements.
C
B
B
So
victor
thanks,
the
the
acceptor
deny
feature
for
when
you
share
act
like
so
when
you
request
the
git
ups,
access
that,
like
on
self
manage
it,
should
just
no
one
on
core
self
managed,
so
in
a
completely
free
self-managed.
It
should
just
be
auto,
accept
maybe
also
in
core
actually
maybe
also
on
free
on
github.com
within
single.
B
B
C
C
B
Lose
the
revocal
revocation
of
of
access.
Does
that
make
sense
so
when
an
agent
owner
says
like
I
had
previously
had
like
there's
access
currently
granted
and
I'm
revoking
it,
but
at
the
same
time
the
like
a
project
owner
that
was
being
given
access
accepts
it
so
that,
like
those
two
actions
happen
at
the
same
time,
we
want
to
make
sure
that
access
is
revoked,
no
matter
what.
C
B
B
C
Very
small
chance,
even
if
it's
not
a
small
chance,
it's
fine
because,
like
you
start
doing
things
and
then
you
lost
taxes
and
you
get
it.
You
know
an
error,
it's
fine,
and
even
if
you
not
get
you,
if
you
don't
get
an
error
immediately
as
long
as
you
do
get
it
eventually
in
some
reasonable
time
so
system
converges
on
some
stable
state
that
is
in
git
and
then
eventually
in
the
database,
then
it's
also
fine.
I
think
it's
all
good.
D
That
would
be
my
first
thought
and
if
we
were
really
wanted
to
crack
down
on
it,
I
think
we
could
have
caz
recheck
the
repository
after
it
receives
information
from
rails
when
it
asks
if
there's
access
and
rail
says
yes,
kaz
could
recheck
the
repository
and
see
if
that
was
still
there.
If
we
were
worried,
does
that
make
sense.
C
C
For
some
a
few
minutes,
I
don't
remember
and
just
to
speed
things
up,
because
every
extra
request
to
even
radius
is
a
network
open,
that's
terrible,
so
the
fewer
we
have
and
and
yeah
going
to
italy
to
check
something
on
disk
is
even
even
worse.
I
think
I
don't
think
it's
worth
it
like
it's
a
super
rare
thing
that
doesn't
actually
lead
to
any
terrible
consequences,
any
security
consequences
or
anything
actually
it
was
approved.
It
was
revoked
system
eventually
revoked
your
access,
it's
normal.
It
doesn't
have
to
be
like,
like
that.
You
know.
C
C
And
I
think
it
will
because
cost
each
time
it
gets
an
updated
commit
from
the
reposition,
even
not
even
an
updated,
commit
yeah
every
time
it
anyway.
It
sends
the
same
configuration
multiple
times
occasionally
in
certain
cases,
but
so
eventually
it
so
it
will
keep
spamming
basically
and
the
rails
if
it,
even
if
it
had
some
connectivity
problems
to
the
database
or
whatever,
was
unavailable
or
something
something
or
had
a
bug.
Eventually,
it
will
fix
the
database
and
eventually
the
access
will
be
revoked.
B
B
A
Let's
just
remember
we
also
talked
about
if
you
want
to
weigh
in
as
well
on
how
do
we
represent
the
groups,
for
instance
on
the
agent
config
and
like
there
was
a
proposal
like,
for
instance,
right
now.
We
have
manifest
projects,
we
could
have
manifest
groups.
This
is
one
option
and
then
you
can
add
groups
there.
A
C
B
B
By
listing
it
as
a
manifest
project
and
then
that
project
has
to
grant
access
for
ci
it's
different,
but
it's
still
circus,
because
then
there
you
can
list
the
group
and
grant
access
to
it.
And
if
we
want
the
ability
to
exclude
certain
agents
from
the
cube
config,
then
you
may
need
so
at
the
project
level.
You
may
need
to
go
up
and
look
just
like
when
we
eventually
populate
the
ci
jobs,
cube
config,
you
know
there.
B
We
look
at
all
the
groups
and
all
the
you
know
everything
that
granted
me
access
to
this,
like
every
all
the
agents
I
have
access
to.
We
need
to
show
that
also
to
the
user
so
that
they
can
say
no.
I
don't
want
my
engineers
to
be
able
to
deploy
here
and
here
and
here
if,
if
we
want
to
do
that,
but
that's
not
actually
what
we
should
be
discussing
now,
but
it's
still
like
relevant
it's
very
similar,
but
slightly
different.
A
But
also
for
manifest,
I
coming
back
now
as
well
like.
We
might
indeed
want
to
give
access
to
a
group.
I
think,
because
if
you
want
to,
I
think
that
was
the
idea,
at
least
when
we
were
discussing
this
morning,
because
if
you
have
like
a
yeah,
you
can
set
like
a
template
thing.
You
know
idea
and
ask
that
you
are
the
projects
under
that
group
create
manifests
under
a
certain
folder
or
something
like
that,
and
then
you
give
access
to
all
of
them
at
once.
A
Instead
of
having
to
give
access
to
each
one
of
them,
you
know
so
it
becomes
like
a
template
thing.
You
give
access
to
a
group,
that's
how
we
understood
at
least
allow
this.
Everyone
under
this
group
to
use,
manifests
githubs
and
then
every
project
has
to
put
the
folder
on
that
certain
specified
path.
That's
that's
how
I
understand.
B
B
But
then
the
question
is
should
so
you
say
I
allow
this
group
to
deploy
manifest
from
this
folder
or
just
a
deploy,
manifest
so
you're
kind
of
requesting
access
to
their
code,
but
then,
on
the
other
side,
who
is
it
that
grants?
Who
is
it?
That
proves
that?
Can
you
approve
it
at
a
group
level
or
does
each
project
have
to
opt
into
these
kinds
of
deployments
or
a
mixture.
A
E
A
C
C
Oh
god,
how
is
it
anyway?
Airbag
is
a
good
enough
example.
When
things
just
add
up
and
that's
how
you
configure
things
so
adding
the
grant
and
then
opt-in
is
always
difficult
and
having
it
in
the
database
also
makes
it
difficult
than
to
query
because
you
have
to
consult
yet
another
thing
to
exclude,
you
know,
do
the
allow
this
block
list,
merge
them
and
just
difficult
and
slow,
potentially
and
then
another
thing
I
want
to
say
is
that
is
there
actually
are
there
actually
people
who
want
this
like?
Why
do
they
want
this?
C
How
many
people
are
there
who
want
this?
Like
point:
zero,
zero,
one
percent?
Let's
not
do
that.
Second,
another
thing
that
I
want
to
say:
even
if
there
are
people
with
this
use
case,
which
I
I'm
not
sure
maybe,
but
there
are
not
many
of
them-
they
should
probably
use
some
sort
of
scripting
to
automate
this
whole
thing
rather
than
us
building
this
automation
like
thing
on
top
as
part
of
the
product,
and
they
can
use
terraform
for
that.
C
A
C
Yeah,
I
still
think
that
it
it's
much
better
to
do
just
for
people
who
need
this
to
just
let
them
do
it
using
a
script
or
terraform,
and
then
they
get
more
flexibility
in
what
they
can
do
rather
than
us
building
this
for
a
very
rare
use
case.
It
just
complicates
everything
once
you
add
this
feature,
you
have
to
do
opt-outs
and
that's
it's
a
pandora's
box.
Basically,
I
think
we
should
definitely
not
do
it
in
the
first
iteration.
A
B
B
E
C
B
Like
I,
I
can't
see
it
having
an
audience
because
autodevops
has
an
audience,
and
this
is
basically
lot
of
devops
with
githubs,
but
not
quite
because
it
doesn't
build
your
code
or
anything.
It
just
deploys
the
manifest
but
yeah
it's
like.
I
can
see
it
appealing
to
organizations
that
are
very
clamped
down
on
what
you're
allowed
to
do.
B
B
D
Okay,
I
just
so
I
saw
there's
a
point
in
the
ux
discussion
about
showing
the
path
and
the
response
from
victor
was
maybe,
after
it's
accepted,
we'll
show
the
path,
and
this
is
the
gitoff's
manifest
path.
I
would
expect
that
if,
in
your
agent
configuration
project,
you
changed
the
path
to
look
for
manifest.
B
D
B
D
C
And
it's
not
only
the
log.
Well,
maybe
it
is
only
globes
at
the
moment,
but
potentially
you
know
it.
It's
the
whole
configuration
block
for
this
repository,
so
we
should
probably
like
hash
it
and
store
the
hash
and
then
later
compare
it
with
whatever
is
present
in
the
new
configuration,
that
is,
that
was
sent
by
class.
A
A
C
C
C
A
B
C
D
It
could
be
that
the
approval
is
that
the
agent
can
access
this
project
and
it
might
not
have
anything
to
do
with
the
watch
files
specifically,
so
it
just
depends
what
we
want
to
go
with
and
that
way
the
approval
would
stand
for
any
future
updates.
So
we
could
pick
either.
I
don't
know
if
one's
more
correct
than
the
other.
C
We
need
to
ask
that
I
think
it's
a
kind
of
a
user
feature.
Ideally
it
should
be
as
simple
as
possible
and
just
has
access
to
this
project
is
hopefully
good
enough,
and
I
mean
you
are
deploying
your
stuff
into
this
kubernetes
cluster
that
is
owned
by
this
infrastructure
team.
So
you
don't
trust
them
like
you,
trust
them
to
run
your
application,
but
you
don't
trust
them
to
access
your
repository
like.
C
B
You
know
bike
shedding
or
where
there
may
be
technical
limitations
based
on
what
tools
they
are
using
outside
of
this
whole
thing,
you
know
they
might
have
to
put
manifests
three
levels
deep
because
of
something
something
you
know,
because
it
could
be
a
huge
monorepo
but
yeah.
I
don't
see
why
you
couldn't
just
ask
the
admin
administration
team
to
change
the
globs
on
that
side
there
there
must
be
some
communication
channel
between
the
agent
owner
and
the
project
owners.