GitHub User Access Restrictions (v 4.0)

r-chris · 2018-08-09 11:56:36 UTC

Hi - I was wondering if there is a way to generally restrict to a group of GitHub users that are allowed to login to concourse when setting up OAuth. I setup GitHub Auth as described here: https://concourse-ci.org/install.html#github-auth-config

I have read this part about assigning specific GitHub users to concourse teams:
https://concourse-ci.org/authentication.html#github-auth

As this is not designed to work for the main team, I am not clear about what the intended user / admin pattern is now.

When using GitHub Authentication - does that mean all GitHub users are able to log into Concourse, if it is exposed on a public URL?
Is the intention with the main team to only have local users (as admins) assigned to this team?
Is setting CONCOURSE_MAIN_TEAM_ALLOW_ALL_USERS=true at the same time as having GitHub Authentication generally a bad idea - since it will make all GitHub Users Admins?

Thanks!

r-chris · 2018-08-10 10:52:53 UTC

Ok, what I didn’t see before are these options:

Authentication (Main Team) (GitHub):
  --main-team-github-user=USERNAME 
  --main-team-github-org=ORG_NAME
  --main-team-github-team=ORG_NAME:TEAM_NAME

I assume I need to define those appropriately and set:
CONCOURSE_MAIN_TEAM_ALLOW_ALL_USERS=false