Since the beginning, Deveo has had a unique concept called bot accounts, or simply bots. Bots are used for external access to both Deveo APIs as well as version control systems. We have revised the bot account scheme in Deveo 3.4.0 to overcome some of the limitations in the previous scheme, as well as to offer more cohesive experience, and the ability to improve the functionality further in the future. In this blog post we will go through the changes and how they improve managing non-personal access to Deveo.
Old bot account scheme and its limitations
In the old bot account scheme there were two types of bots:
- Project specific bots, and
- Company bots
The difference between project specific bots and company bots was that project specific bots could only belong to a single project. Company bots could belong to multiple projects, but they could only be created by company administrators.
Both existing bot types had limitations. Project specific bots could not share the same SSH key, which is rather common scenario when using a shared continuous integration server for example. Setting up and using a company bot required the interference from the company administrator, which meant that they were only used seldomly - if at all.
In addition to the aforementioned limitations, managing bots was not in line with the overall project permission management scheme Deveo incorporates. Bots were managed in project settings, whereas the more intuitive location to manage them would be the team view. Creation of company bots could only be accomplished through APIs, which raised the barrier to use them even higher. In addition to these limitations, there had been requests for "access to everything" type of bot to be used for integration and migration purposes.
How does the new bot account scheme work?
With the revised bot account scheme, all bots in a given company are managed in the Company scope, where users, groups, collaborators and projects are managed as well.
Deveo delegates the management of bots to users, similarly it does with everything else. This means that bots can be created by anyone with access to Deveo. When a bot is created the creator becomes the owner of the bot. The owner can assign other users either as members or owners to the bot.
Within the new scheme, bots can be created as private or as public. Private bots are only visible to their members and owners, while public bots are visible to everyone. Bot credentials are only visible to its members and owners and only bot owners can manage the bot credentials. So rest assured that even though you have created a public bot, only the users that are granted the access to the bot can actually access the bot credentials, or change them.
In addition to public and private bots, company admins are able to create company admin bots. Company admin bots have access to all the projects by default, as well as they can manage users and groups.
Access management of bots to a given project is handled in the same place as any other project specific access management is - in the team view. Bots can be assigned to guest, developer or administrator roles and the bot roles grant very similar access rights as the user roles. Bots are not able to manage project members however. The full list of bot permissions is covered in the user guide.
With the revised bot account scheme we are able to create programmatic access that can be shared across projects. New bot account scheme also supports allowing bots to write to protected branches. We were also able to introduce a company admin bot for integration and migration purposes. And last but not least we could simplify the scheme so that all bots are managed in one place.
We would love to hear comments or improvement ideas about our revised bot account scheme. Do leave a comment below.