Assigned
Status Update
No update yet.
Comments
jm...@google.com
I have informed the engineering team of this request, and they are currently investigating implementations. There is no ETA for a release, but all further updates should occur here.
As for needing project browser permissions to use source repositories; as per the documentation [1] you only need the 'source.reader' IAM permission to access repositories, and 'source.writer' to edit them.
[1]https://cloud.google.com/source-repositories/docs/configure-access-control
As for needing project browser permissions to use source repositories; as per the documentation [1] you only need the 'source.reader' IAM permission to access repositories, and 'source.writer' to edit them.
[1]
ab...@getzippin.com
If Google wants any company to seriously use the Google cloud source repo, this is a blocker... not a P2. I moved part of the project to Bitbucket because of this issue.
ru...@google.com
@
"I've recently hired a freelancer from Upwork to do some PHP development. It would be great if I could restrict his access to only one repository or branch. As it stands now he can move between any of the repositories or branches I have in the project."
Repository specific permissions can be assigned to users in Cloud Source Repositories. The documentation for performing this action in the Cloud Source Repositories beta user interface is available athttps://cloud.google.com/source-repositories/docs/granting-users-access .
Cloud Source Repositories does not support branch-level permissions today. Do you want branch-level read permissions to allow the user to only view particular branches of the repository or are you looking for branch-level write permissions to support a pull request/code review workflow?
"Also, I shouldn't have to grant project browser permissions to allow use of source repos - source repository writer should be enough but gcloud init won't let you select the appropriate project without project browser. So now he can also see our IAM resources and billing details through cloud console."
I think this experience may not be obvious in places but you actually can use the UI and source repos without project access:
-In the Cloud Source Repositories beta UI athttps://source.cloud.google.com , all repositories you have access to are displayed regardless of whether you have access to the parent project or not. In the current UI on the Cloud Console, you can view repositories if you don't have project access only if someone shares a direct link to that repository with you.
-Using gcloud, you can use the source repos commands specifying any project you want. You are correct that gcloud init won't let you select the appropriate project without project browser permissions. To mitigate this, just select any project using gcloud init or if you have access to no projects, you can indicate that you don't want to create a project. You can then use a command such as "gcloud source repos clone --project {projectId} {repositoryName}" to clone the repository. Note that source repos commands which rely on project level permissions such as "gcloud source repos list --project {projectId}" won't work because the "source.repos.list" permission is required on a project to be able to list all repositories within a project. In that case, the user will see a permission denied error.
We'll improve our documentation to explain this more clearly. Thank you for the feedback and apologies for the delay in my response.
"I've recently hired a freelancer from Upwork to do some PHP development. It would be great if I could restrict his access to only one repository or branch. As it stands now he can move between any of the repositories or branches I have in the project."
Repository specific permissions can be assigned to users in Cloud Source Repositories. The documentation for performing this action in the Cloud Source Repositories beta user interface is available at
Cloud Source Repositories does not support branch-level permissions today. Do you want branch-level read permissions to allow the user to only view particular branches of the repository or are you looking for branch-level write permissions to support a pull request/code review workflow?
"Also, I shouldn't have to grant project browser permissions to allow use of source repos - source repository writer should be enough but gcloud init won't let you select the appropriate project without project browser. So now he can also see our IAM resources and billing details through cloud console."
I think this experience may not be obvious in places but you actually can use the UI and source repos without project access:
-In the Cloud Source Repositories beta UI at
-Using gcloud, you can use the source repos commands specifying any project you want. You are correct that gcloud init won't let you select the appropriate project without project browser permissions. To mitigate this, just select any project using gcloud init or if you have access to no projects, you can indicate that you don't want to create a project. You can then use a command such as "gcloud source repos clone --project {projectId} {repositoryName}" to clone the repository. Note that source repos commands which rely on project level permissions such as "gcloud source repos list --project {projectId}" won't work because the "source.repos.list" permission is required on a project to be able to list all repositories within a project. In that case, the user will see a permission denied error.
We'll improve our documentation to explain this more clearly. Thank you for the feedback and apologies for the delay in my response.
ru...@google.com
@
"Aug 2, 2018 10:51AM
If Google wants any company to seriously use the Google cloud source repo, this is a blocker... not a P2. I moved part of the project to Bitbucket because of this issue."
I'm sorry to hear that Cloud Source Repositories doesn't meet your needs today. We'll try to improve it so it's an option for you in the future. Can you please clarify which issue in particular you find to be a blocker to use Cloud Source Repositories?
-Repository level permissions? (Supported and documented today)
-Branch level permission? (not supported today)
-Code Review/Pull Requests? (not supported today)
-Not requiring project browsing permissions to use gcloud init? (Supported today but not clearly documented)
We really appreciate your feedback!
"Aug 2, 2018 10:51AM
If Google wants any company to seriously use the Google cloud source repo, this is a blocker... not a P2. I moved part of the project to Bitbucket because of this issue."
I'm sorry to hear that Cloud Source Repositories doesn't meet your needs today. We'll try to improve it so it's an option for you in the future. Can you please clarify which issue in particular you find to be a blocker to use Cloud Source Repositories?
-Repository level permissions? (Supported and documented today)
-Branch level permission? (not supported today)
-Code Review/Pull Requests? (not supported today)
-Not requiring project browsing permissions to use gcloud init? (Supported today but not clearly documented)
We really appreciate your feedback!
[Deleted User] <[Deleted User]>
we need to know that right now branch protection is available on google source code repository
how to protect our branch as like (we created 2 branch (1) dev-1.0 and master)
we want to protect master branch using the IAM roles/permissions
how to protect our branch as like (we created 2 branch (1) dev-1.0 and master)
we want to protect master branch using the IAM roles/permissions
[Deleted User] <[Deleted User]>
Hello
-Branch level permission? (supported today or not supported today)
please provide documentation
-Branch level permission? (supported today or not supported today)
please provide documentation
el...@atlas.market
I agree this should be a P1, an organization needs to have some protected branches with restricted write permission to only a few members, currently everyone can write (and force push) to any branch which is completely a blocker. Would google implement this and a PR mechanism and I'm sure the service will have an increased usage.
[Deleted User] <[Deleted User]>
Hi all, here we have the same requirement. As we don´t have PRs tool implemented in Google Cloud Repositories, we need (at least) to implement branching policies. Problem is that there are not any documentation and/or implementation and this is a BIG stopper. Please Google, let us know if you are going to take this in account as soon as possible because is very important. Thank you.
ch...@inventyv-git.com
We too want to have branch level rights management for security and compliance reason. Can someone please let us know, will it come and if yes roughly when? Thanks.
an...@cdp.lgdxp.com
Tired of source repo. Goodbye google no thanks for all the 4 years of ignorance on this issue
cs...@gmail.com
Comment has been deleted.
[Deleted User] <[Deleted User]>
Hi all,
In GCP cloud source repo does this feature is available now ?
In GCP cloud source repo does this feature is available now ?
Description
Also, I shouldn't have to grant project browser permissions to allow use of source repos - source repository writer should be enough but gcloud init won't let you select the appropriate project without project browser. So now he can also see our IAM resources and billing details through cloud console.