Allow Private Orbs along with Certified Public Orbs | Orbs

Allow Private Orbs along with Certified Public Orbs

complete

zhiqun@nextdoor.com

We are on Scale Plan and when I try to create a private orb, it requires me to toggle on "Allow all members of my organization to publish dev orbs, use uncertified orbs and use third-party ..". in the organization settings.

However, in our scenario, we only want to allow private orbs along with certified public orbs.

Please add a third option apart from the existing binary options:

Yes: Allow all members of my organization to publish dev orbs, use uncertified orbs and use third-party ..
No: Only allow my organization to use orbs certified and supported by CircleCI

April 8, 2021

Nathan Fish

marked this post as

complete

Nathan Fish

We have updated orb permissions to allow for private orbs to be enabled without enabling community.

Steven Reynolds

For any one needing a workaround for this feature, you can leverage config policies as a way to create an allowed list of orbs (admittedly a toggle would be much preferred). 
An example policy would look like 
package org
import future.keywords
import data.circleci.config
policy_name["allowed_orbs"]
# circleci prefix allows certified orbs
# company_namespace allows your private orbs
# any other prefixes support approved 3rd party orbs
use_allowed_orbs[orb] = reason {
    some orb, _ in config.orbs
    not startswith(orb, "circleci")
    not startswith(orb, "company_namespace")
    not startswith(orb, "some_other_orb")
    reason := sprintf("%s is not an approved orb", [orb])
}
# You may decide a soft_fail is preferable depending on your requirements
hard_fail["use_allowed_orbs"]
enable_rule["use_allowed_orbs"]
More information
https://circleci.com/docs/config-policy-management-overview/
https://circleci.canny.io/orbs/p/allow-to-use-third-party-orbs-by-white-list
https://circleci.canny.io/orbs/p/option-to-allow-certified-and-partner-orbs-only

Oran Wilder

Hi folks - this feature continues to be top of mind but unfortunately remains uncertain on updated timing. When we find a new home for it we'll update again here.

brian.yarr@deliveroo.co.uk

Is there an update on this feature?

Oran Wilder

marked this post as

planned

This has been added to the roadmap for second half of 2022.

Oran Wilder

Update: Targeting mid-Q4.

thomas.furmston@deliveroo.co.uk

Oran Wilder Please, did this make it into the Q4 roadmap?

Alex Kennedy

Oran Wilder Bump for status update please.

Oran Wilder

Alex Kennedy: Sure thing. This won't fit into our Q3 plans, but remains under consideration for Q4.

Oran Wilder

marked this post as

under review

Reviewing for roadmap prioritization.