Open suzuki-shunsuke opened 5 months ago
The policy may live in a private repo, and since we haven't authorized the caller we don't want to leak any data back to the caller.
@wlynch had some work to add a validating webhook for policies, which I think may have gotten closed when I moved this into its own org, but we should potentially revisit as a way to check things before they are merged into the repository vs. at STS time.
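The pattern described in the comment above, as an added Go example that is not part of this thread or of the octo-sts code base: the detailed parse error, which can echo fragments of a private policy file, is written only to the server log, and the unauthenticated caller gets a generic message. The `trustPolicy` type, `loadPolicy`, `errPolicyParse`, the JSON policy format and the request ID are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"log"
)

// trustPolicy is a hypothetical stand-in for a policy file; field names are assumptions.
type trustPolicy struct {
	Issuer  string `json:"issuer"`
	Subject string `json:"subject"`
}

// errPolicyParse is the only text the unauthenticated caller ever sees.
var errPolicyParse = errors.New("unable to parse trust policy")

// loadPolicy parses raw policy bytes. On failure the detailed error goes to the
// server log under reqID; the caller gets the generic error plus that ID, which
// an operator with log access can use to find the real cause.
func loadPolicy(logger *log.Logger, reqID string, raw []byte) (*trustPolicy, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // a typo'd key becomes a parse error
	var p trustPolicy
	if err := dec.Decode(&p); err != nil {
		logger.Printf("request=%s policy parse failed: %v", reqID, err)
		return nil, fmt.Errorf("%w (request %s)", errPolicyParse, reqID)
	}
	return &p, nil
}

func main() {
	// Constructed input: the misspelled key name would appear in the detailed error.
	raw := []byte(`{"issuer":"https://issuer.example","subjct":"repo:private-org/secret-repo"}`)
	var serverLog bytes.Buffer
	_, err := loadPolicy(log.New(&serverLog, "", 0), "req-1", raw)
	fmt.Println("caller sees:", err)
	fmt.Print("server log:  ", serverLog.String())
}
```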
Thank you for your quick answer!
> The policy may live in a private repo, and since we haven't authorized the caller we don't want to leak any data back to the caller.
I see. It makes sense.
> wlynch had some work to add a validating webhook for policies, which I think may have gotten closed when I moved this into its own org
Are you talking about this pull request?
wlynch closed this by deleting the head repository on Mar 13
Yeah that’s the one.
Revived at https://github.com/octo-sts/app/pull/247!
Hi, thank you for your great project! I have a question about this app.
Some error messages of this App aren't helpful. For example, when this App can't parse a trust policy, the App outputs
Error: unable to parse trust policy found for "***"
but we can't understand why. e.g.
I checked the source code and found that this App hides the error detail intentionally.
https://github.com/octo-sts/app/blob/1fc549c0973c27a9aba0257626d1903486dee2d9/pkg/octosts/octosts.go#L311-L315
But I'm not sure why. Why does this App hide an error detail? Do we need to hide Trust Policy from clients?
Error detail would be helpful for troubleshooting.