GitHub Files + Indent Webhook
This guide will show you how to deploy a webhook for Indent to communicate with for granting and revoking access, among other operations, to ACL files inside a GitHub repo. This webhook can be run as an AWS Lambda.
There are direct code examples in the indentapis/examples repository. Take a look at the code that will run in these webhooks: terraform-aws-github-files-webhook
.
This page assumes that you or someone on your team has already completed the Quickstart. If you haven't already, we would recommend you check it out - it should take 5 minutes.
Prerequisites
- GitHub Account
- Personal Access Token with the following scopes:
repo
- Personal Access Token with the following scopes:
Overview
We're going to manually create an Indent Resource for each ACL role then set up automated change management. This webhook integration only works when your application uses an ACL file for managing access because it makes changes directly to the file.
Currently, this webhook can only be deployed on AWS.
Step 0: Configure your cloud provider
- AWS
Before getting started, let's get all the AWS-specific items ready:
Step 1: Create custom Indent Resources
Create the resource
- Sign into your Indent Space.
- Go to your Resources.
- Click "New" and create a new Resource.
- Under resource kind, type in "customApp.v1.Role"
- Enter the name of your Custom App
- Enter the ID of your Custom App
- Add these labels to your resource:
githubRepo
— path to the repo, e.g.org/repo_name
githubPath
— path to the file, e.g.conf/prod.conf
role
— Name of the role, e.g.admin
Create the ACL file
Create an ACL file in the GitHub Repo you want Indent to manage. Include each role as an entry in the file. Note, Indent can only manage roles inside the comment blocks in your ACL file.
Example:
"app_roles" = {
"admin" = [
"engineer1@example.com",
"engineer2@example.com",
//indent:managed start admin
//indent:managed end
]
}
Step 2: Deploy the change webhook
- AWS
Download the example:
curl https://codeload.github.com/indentapis/examples/tar.gz/main | tar -xz --strip=3 examples-main/webhooks/change/terraform-aws-github-files-webhook
cd terraform-aws-github-files-webhook
Follow the instructions in the README
to complete the deployment process then save the new webhook in your Indent Policies.
Step 3: Configure your Indent policies
- Open the "Access Request Rules" section and navigate to the rules for your new resource.
- Configure the approvers for granting access to Custom App roles.
Step 4: Make a test request
- Go to Request Access.
- Select your ACL Role from the dropdown and enter a reason for access.
- Once access is approved, check your GitHub Repo ACL file to confirm membership.
Congrats! You've just configured requesting and managing ACL File access with Indent.