Repository files navigation

An admission extension to limit system access based on GitHub organization and team membership. Here is a summary of how the extension works:

• if user is organization member, grant access
• if user is organization admin, grant admin access
• if user is member of designated team, grant admin access (optional)

Create a shared secret:

$openssl rand -hex 16bea26a2221fd8090ea38720fc445eca6

Download and run the plugin:

$docker run -d \  --publish=3000:3000 \  --env=DRONE_DEBUG=true \  --env=DRONE_SECRET=bea26a2221fd8090ea38720fc445eca6 \  --env=DRONE_GITHUB_TOKEN=3da541559918a808c2402bba5012f6c6 \  --env=DRONE_GITHUB_ORG=acme \  --env=DRONE_GITHUB_TEAM=admins \  --restart=always \  --name=admitter drone/drone-admit-members

Update your Drone server configuration to include the plugin address and the shared secret.

DRONE_ADMISSION_PLUGIN_ENDPOINT=http://1.2.3.4:3000DRONE_ADMISSION_PLUGIN_SECRET=bea26a2221fd8090ea38720fc445eca6

Test the admission extension using the command line tools. First you need to provide the command line tools with the extension endpoint and secret:

export DRONE_ADMISSION_ENDPOINT=http://localhost:3000export DRONE_ADMISSION_SECRET=bea26a2221fd8090ea38720fc445eca6

Use the following command to test account access:

$drone plugins admit octocatadmission: access denied