英文:
Create git server with many repositories
问题
我将创建一个类似于GitLab或GitHub的产品。请从技术角度考虑我的问题。
我面临的问题是对存储库的访问控制。我需要以某种方式区分特定SSH密钥的访问权限。也就是说,密钥应该只能访问一个存储库,而不是所有存储库。
我查看了Git服务器的组织方式:创建了一个Git用户(这就是它被称为的,我感到震惊)),创建了一个存储库(一个),并添加了开发参与者的SSH密钥。因此,我需要这个存储库不仅仅是一个,但密钥不会授予对所有存储库的访问权限。
如果您了解GitLab、GitLab、gitlab等服务和产品是如何组织的,我真的想知道如何组织访问权限。我将非常高兴听到任何评论、问题、答案,提前感谢您对这个问题的关注。
英文:
I'm going to create a product similar to GitLab, or GitHub. Please consider my question from a technical point of view.
I am faced with the problem of access control to repositories. I need to somehow distinguish the access of certain ssh-keys. That is, the key should give access to one repository, not to all.
I looked at how git servers are organized: a git user is created (that's what it's called, I'm shocked))), a repository (one) is created and shh keys of development participants are added. So, I need this repository to be not one but many, but the key did not give access to all depositories.
If you know how such services and products as GitLab, Gitlab, gitlab are organized, I really want to know how to organize access. I will be glad of any comments, questions, answers, thank you in advance for your attention to the question)))
答案1
得分: 2
在规模上,您将需要一个数据库或数据库表,将特定的公钥与特定的用户帐户(或一组帐户)关联起来。这解决了几个问题:
- 用户可以管理自己的密钥
- 用户只能与他们有权限的存储库进行交互
- 用户可以为自动化系统(特别是CI/CD)创建服务帐户或部署密钥
- 更改立即对连接到该数据库的每个工作者可用(否则您将不得不等待每个工作者依次更新)
- 对块存储上的文件权限变得更加简单(
git
用户拥有所有权,并且访问是通过您的代码权限模型来管理的)
当然,现在您必须管理一个带有复制、备份和故障转移计划的数据库 - 但如果您想在普通Git的基础上复制所有额外的GitHub/GitLab等功能,那么您无论如何都会需要一个。
英文:
At scale, you're going to need a database or database table of some sort associating a specific public key with a specific user account (or set of accounts). This solves several problems:
- Users can manage their own keys
- Users can only interact with repos where they have permission
- Users can create service accounts or deploy keys for automated systems (especially CI/CD)
- Changes are immediately available to every worker that connects to that database (otherwise you'll have to wait for something to update each worker in turn)
- File permissions for files on block storage becomes much easier (the
git
user owns everything, and access is managed through your code's permissions model)
Of course, now you have to manage a database, complete with replication and backups and failover plans - but if you want to replicate all the extra GitHub/GitLab/etc. bells and whistles on top of vanilla Git, then you'll have one of those anyway.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论