Skip to main content

GitHub Files + Indent Webhook

This guide will show you how to deploy a webhook for Indent to communicate with for granting and revoking access, among other operations, to ACL files inside a GitHub repo. This webhook can be run as an AWS Lambda.

There are direct code examples in the indentapis/examples repository. Take a look at the code that will run in these webhooks: terraform-aws-github-files-webhook.

This page assumes that you or someone on your team has already completed the Quickstart. If you haven't already, we would recommend you check it out - it should take 5 minutes.

Prerequisites

Overview

We're going to manually create an Indent Resource for each ACL role then set up automated change management. This webhook integration only works when your application uses an ACL file for managing access because it makes changes directly to the file.

Currently, this webhook can only be deployed on AWS.

Step 0: Configure your cloud provider

Before getting started, let's get all the AWS-specific items ready:

Step 1: Create custom Indent Resources

Create the resource

  1. Sign into your Indent Space.
  2. Go to your Resources.
  3. Click "New" and create a new Resource.
    • Under resource kind, type in "customApp.v1.Role"
    • Enter the name of your Custom App
    • Enter the ID of your Custom App
    • Add these labels to your resource:
      • githubRepo path to the repo, e.g. org/repo_name
      • githubPath path to the file, e.g. conf/prod.conf
      • role Name of the role, e.g. admin

Create the ACL file

Create an ACL file in the GitHub Repo you want Indent to manage. Include each role as an entry in the file. Note, Indent can only manage roles inside the comment blocks in your ACL file.

Example:

"app_roles" = {
"admin" = [
"engineer1@example.com",
"engineer2@example.com",

//indent:managed start admin
//indent:managed end
]
}

Step 2: Deploy the change webhook

Download the example:

curl https://codeload.github.com/indentapis/examples/tar.gz/main | tar -xz --strip=3 examples-main/webhooks/change/terraform-aws-github-files-webhook
cd terraform-aws-github-files-webhook

Follow the instructions in the README to complete the deployment process then save the new webhook in your Indent Policies.

Step 3: Configure your Indent policies

  1. Open the "Access Request Rules" section and navigate to the rules for your new resource.
  2. Configure the approvers for granting access to Custom App roles.

Step 4: Make a test request

  1. Go to Request Access.
  2. Select your ACL Role from the dropdown and enter a reason for access.
  3. Once access is approved, check your GitHub Repo ACL file to confirm membership.

Congrats! You've just configured requesting and managing ACL File access with Indent.