REST API endpoint returns empty workspaces list: /api /v2/organizations/{organizationId}/workspaces

Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

https://infisical.com

Other

15.78k stars 989 forks source link

REST API endpoint returns empty workspaces list: /api /v2/organizations/{organizationId}/workspaces #2728

Open dbsanfte opened 2 weeks ago

dbsanfte commented 2 weeks ago

I've been testing this API endpoint out and it seems to return an empty list of workspaces on my org.

https://infisical.com/docs/api-reference/endpoints/organizations/workspaces

I definitely have a lot in there. :)

I am using a Bearer token generated via an Admin-level Machine Identity and it can see other things like the groups in my org, etc.

But for workspaces I get nada:

dbsanfte@localhost:~$ curl --request GET --url https://eu.infisical.com/api/v2/organizations/{organizationId}/workspaces   --header 'Authorization: Bearer <my token>'

{"workspaces":[]}

Any ideas?

DanielHougaard commented 2 weeks ago

Hi @dbsanfte. The identity can only list projects that the identity is a part of. I've replied to your email as well.

dbsanfte commented 2 weeks ago

Thanks. Is there a way to provision an access level of "org admin" to an identity so it can see all projects in the org?

Beyond my current Envkey migration needs, the use case I'm envisioning is having Golden Templates as Github Repos, and developers clone these to start new projects, and a GA workflow runs where a machine identity automatically creates an Infisical project for the new repo,, and assigns the user's Infisical team with access on the project.

Is this achievable in the current iteration of the Rest API / machine identities scheme? If not, how much work would you think is needed to enable this? Or is there another way to go about it?