Feature Overview (aka. Goal Summary)

Currently in Backstage, especially with the scaffolder, the auth is done via a service account. Customers need to make sure that only the user that have enough privileges can run the templates or any other actions in RHDH.

There are being several requests in the community for a such feature. The latest one is available here

Goals (aka. expected user outcomes)

When a template is executed, the newly create repo and commits should be under the user that executed the template and not with a generic name or service account.

If the user has access to the template but not to Git, the template should fail as the user cannot create a repository.

Requirements (aka. Acceptance Criteria):

• As a RHDH administrator, I want to be able to use OBO on the scaffolder instead of using a service account.
• As a developer, when I run a template and I have the proper access, my name should appear on the newly created repo with the commits, PR, etc.
• As a developer, when I run a template and I don't have access to Git, the template should fail because I'm not authorized to create a repo or push any code.

Customer Considerations (Optional)

The scope could be large, and we should focus on the scaffolder first

Documentation Considerations

In the scaffolder (templates) section, we have to document how to use OBO in the templates