Support fine grained personal access tokens
Is your feature request related to a problem? Please describe.
Add support for fine grained personal access tokens to minimize the permissions needed to retrieve data from tables of interest to the user (up to the user to ensure they have added the right permissions to the FG PAT).
Describe the solution you'd like
This is a simple change in 4 places in connect and connectV4. Everywhere you validate that the supplied token has the ghp_ prefix, also allow the github_pat_ prefix. I tested that this works as expected.
@cbruno10 - thoughts on this? I know we looked at it a year or so ago and had some issues.
@Graza-io, @CBruno10, furthermore, I have a few findings related to the fine-grained access token.
The error "Resource not accessible by personal access token" is caused by a GraphQL field error. You can refer to this documentation on how to handle such errors.
I tested the fix with the github_issue and github_my_issue tables, and pushed some changes to the branch add-support-for-fine-grained-access-token. The code changes seem to be working fine.
However, I’m not entirely sure if this is the best solution. Any thoughts would be appreciated.
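An added example, not code from the plugin or from the branch mentioned above: one way to treat the GraphQL field error quoted in this comment as a per-field permission gap instead of a failed query. The names `splitErrors`, `gqlResponse` and `patDenied`, the choice to match on the message text, and the sample response are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Message text quoted in the thread; matching on it is an assumption of this sketch.
const patDenied = "Resource not accessible by personal access token"

type gqlError struct {
	Message string        `json:"message"`
	Path    []interface{} `json:"path"`
}

type gqlResponse struct {
	Data   json.RawMessage `json:"data"`
	Errors []gqlError      `json:"errors"`
}

// splitErrors decodes a GraphQL response body. It returns the partial data,
// the dotted paths of fields the token was not allowed to read, and a non-nil
// error for any other entry in "errors" (those remain fatal).
func splitErrors(body []byte) (json.RawMessage, []string, error) {
	var r gqlResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return nil, nil, err
	}
	var denied []string
	for _, e := range r.Errors {
		if e.Message != patDenied || len(e.Path) == 0 {
			return nil, nil, fmt.Errorf("graphql: %s", e.Message)
		}
		parts := make([]string, len(e.Path))
		for i, p := range e.Path {
			parts[i] = fmt.Sprint(p) // path items are field names or list indexes
		}
		denied = append(denied, strings.Join(parts, "."))
	}
	return r.Data, denied, nil
}

// Constructed sample: the query succeeded except for one field.
const sample = `{"data":{"repository":{"issue":{"title":"Demo","assignees":null}}},
"errors":[{"path":["repository","issue","assignees"],"message":"Resource not accessible by personal access token"}]}`

func main() {
	data, denied, err := splitErrors([]byte(sample))
	fmt.Println(string(data), denied, err)
}
```

A caller can log the denied paths so the user sees which permission the fine-grained token is missing, while the remaining columns are still returned.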
@ParthaI @graza-io @cbruno10
Hello everyone, I support Fine-grained personal access token (github_pat_). In large enterprise companies, the security department may refuse to use Personal access token (classic).
The permissions that the module requires in the documentation (https://hub.steampipe.io/plugins/turbot/github) are unacceptable for those who care about their security.
I suggest considering the points below if you are interested in attracting large companies to use your tool:
- Adding "Fine-grained personal access token" even if this will make some functionality unavailable until GitHub fixes the restrictions on its side.
- Suggest in the documentation the smallest set of privileges required to perform checks.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.
I've been using @ParthaI's add-support-for-fine-grained-access-token branch and it is working well for me. Are there plans to merge this?
@e-gineer I still believe that this is a great feature and it needs to be finished.
Hello @ramses999 / @heasman-proof, Apologies for the delay in addressing this issue, and thank you for your patience.
I've opened a PR to resolve it. If you're open to trying it out ahead of the official release, please feel free to test it using the PR branch and share any feedback or observations.
Your early feedback would be greatly appreciated!
Thanks again!
@heasman-proof @ramses999 Fine-grained access token support has been released, please give the new version a try and let us know if you spot any issues!
This is great news; we will try to test it, but I may not respond for a couple of weeks due to workload.