Torizon repository sharing

Dear Support Team,

We’ve set up a company account on torizon.io for managing multiple devices. To allow developers to manage those devices, we use the feature of repository sharing as described here:

We’ve encountered two issues:

  • we gave the developers “Full Access” to the repository. When the developer is in the company’s repository, the Credentials tab in “My account” is greyed out (“You do not have the required permission to use this feature”). According to the matrix on the website above, full access should also provide access to the credentials.zip. Are we missing something?
  • How can a developer push an image or docker-compose to the company’s repository? Is it the intention to share the company’s account credentials.zip among developers, or is there a way for the developers to use their own credentials for accessing the shared repository of the company?

Any advice is highly appreciated.

Thanks in advance.

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!

Did you like my answer?

:+1: :-1:


Thank you for reaching out with your questions regarding Torizon repository sharing. Let’s address each of your concerns:

Issue 1: Credentials Tab Greyed Out

If the Credentials tab is greyed out for developers with “Full Access,” it might be due to a couple of reasons:

  1. Permissions Propagation Delay: Sometimes, changes in permissions might take a little while to propagate. Ensure that the changes have been saved and give it some time.
  2. Account-Specific Restrictions: There might be account-specific restrictions or issues. Double-check the Guest Profile settings to ensure that “Full Access” is correctly assigned.

If the issue persists, it might be a bug or a specific restriction in the system. In such a case, I recommend reaching out to Toradex support directly for a more in-depth investigation.

Issue 2: Pushing Images or Docker-Compose to the Company’s Repository

Developers can push images or docker-compose files to the company’s repository using their own credentials. Here’s how you can manage this:

  1. Using Personal Credentials: Developers can use their own Torizon Cloud credentials to push updates to the shared repository. They do not need to share the company’s credentials.zip file. Each developer should have their own credentials set up in Torizon Cloud.

  2. Repository Access: Ensure that the developers have the appropriate access level to the repository. “Full Access” should allow them to push images and docker-compose files.

  3. TorizonCore Builder Tool: Developers can use the TorizonCore Builder Tool to authenticate and push updates. They should follow the steps to authenticate with their own credentials and then push the updates to the shared repository.

If you need detailed steps on how to push updates using the TorizonCore Builder Tool, you can refer to the TorizonCore Builder Tool documentation.

Summary

  • Ensure that the “Full Access” permissions are correctly assigned and propagated.
  • Developers should use their own Torizon Cloud credentials to push updates.
  • Refer to the TorizonCore Builder Tool documentation for detailed steps on pushing updates.

If you continue to face issues, please contact Toradex support for further assistance.

Please, also check if these links can help you solve your problem:

Issue building and running Containerized TorizonCore Build on MacOS.

Hi @dflubacher

I think this is the correct workflow and you should be able to create the credentials.zip file with Full Access permission.

I’m going to check with the cloud team if this information is incorrect or if there is any issue with the permissions.

Apologies, this was a case of incorrect documentation. Guests of the repository are not actually able to download credentials.zip. I’ll update our documentation with that correction shortly.

Our reasoning behind this decision is that credentials.zip includes API client credentials, and accessing the secret portion of API client credentials is otherwise restricted to the owner of the account.

Dear Allan, dear Jon,

Thank you for the quick clarification of the issue regarding the Credentials.zip!

Regarding my second issue: I haven’t been able to find documentation about pushing images and compose files to a shared repository. If the developer use their own credentials.zip, how is the remote repository specified? Did I miss a corresponding option in platform push or configuration file?

Best regards,
Dieter

Hi @dflubacher

Sorry for the confusion, we are going to work on improving this documentation.

The set of permission explained in this page is exclusively about using the UI buttons actions in the torizon.io website.

For the workflow using torizoncore build platform push, actually the concept of sharing and permissions doesn’t exists. There’s only the repo owner and only the onwer can push artifacts to the cloud.

So, to push artifacts to the shared repo (onwed by the company), you actually need the credentials.zip created from the company account.