search

fission-codes / fission

Fission CLI & server
https://runfission.com/docs
119 stars 14 forks source link

CLI resource access delegation #417

Open bmann opened 3 years ago

bmann commented 3 years ago

So, something like fission app publish --key /path/to/key.

I currently keep my various account keys in the ~.config/fission/key folder and just switch them by renaming.

This is an advanced user feature -- but it's already a lot better than manually copying keys around, where I can then have the tools to create aliases like bmannpublish or something.

But at the same time, I never do this for Github keys, but maybe that's because I can't actually use this key to authenticate against their API, only to git itself?

expede commented 3 years ago

It's probably equally easy to do this by username. Two ways:

fission app publish --as bmann # stateless
fission user switch bmann      # stateful

We need to hold key maps in all cases, and this use case in anticipated in the current YAML. Feels like magic, but not hard to actually do!

expede commented 3 years ago

That said, I'm not totally clear really how useful this is. The actual underlying feature is more likely to be organizations, yes?

bmann commented 3 years ago

I wanted to document it, but it’s essentially a work around of having multiple accounts.

Not organizations — although I could of course add boris, bmann, borismann etc all into an organization to get the permissions.

expede commented 3 years ago

I'm unsure that we actually want to support this use case, since we can delegate subresource access to others. Changing the title!