Crate Ownership
A given crate is owned by one or more users. The user who first publishes a crate version for a given crate (identifiable by its name) becomes its owner.
Only owners of a crate can publish new versions to that crate.
For the purposes of cargo owner -add and cargo owner --remove subcommands,
a Shipyard.rs user should be identified by the email address associated with
their account.
The email address must correspond to an existing Shipyard.rs user account which is part of the organization account which owns the crate.
See also: cargo owner docs.
Listing Crate Owners
To list current owners of a crate, navigate to the crate directory and run:
$ cargo owner --registry <registry-name> --list
scrooge.mcduck@fastmail.com (user-id = d4dddf5f-cb77-41dc-9635-1dfc072f40ae)
Note: passing the --registry flag is not required if you set a single registry
in the publish field in the crate's Cargo.toml.
The subcommand also provides a --token option, for use if you have not configured
your auth token via cargo login. If you get the error message
error: no upload token found, please run `cargo login` or pass `--token`
this indicates you need to pass an auth token using --token or configure
the token using cargo login.
The output displayed by a successful cargo owner --list command lists each
user who is an owner of the crate. The user's email is listed first, and
his or her Shipyard.rs user id is listed in parenthesis.
Add/Remove Crate Owners
The cargo owner --add subcommand can be used to add owners to a crate, and
the cargo owner --remove subcommand can be used to remove users from a crate.
To add a user as an owner of the crate:
$ cargo owner --registry <registry-name> \
--add launchpad.mcquack@hotmail.com
Owner added user(s) 4c26f6c5-6aa0-4d36-8aa7-6c846c7acbeb as owner(s) of <crate-name>
Listing crate owners will now display the second user as an owner of the crate:
$ cargo owner --registry <registry-name> --list
scrooge.mcduck@fastmail.com (user-id = d4dddf5f-cb77-41dc-9635-1dfc072f40ae)
launchpad.mcquack@hotmail.com (user-id = 4c26f6c5-6aa0-4d36-8aa7-6c846c7acbeb)
To remove a user as an owner of the crate:
$ cargo owner --registry <registry-name> \
--remove launchpad.mcquack@hotmail.com
Owner removing ["launchpad.mcquack@hotmail.com"] from crate <crate-name>
Listing crate owners will now display the removed user is no longer an owner:
$ cargo owner --registry <registry-name> --list
scrooge.mcduck@fastmail.com (user-id = d4dddf5f-cb77-41dc-9635-1dfc072f40ae)
Crate Owners and Account Permissions
An account with Admin permissions may add "itself" as an owner of a crate, using its own auth token, despite not being an owner of the crate.
$ cargo owner --registry <registry-name> \
--add it-dept@ducks.org \
--token ${ADMIN_ACCOUNT_AUTH_TOKEN}
# works
Neither Publish nor Read accounts have this ability.
If you try adding a user to a crate you do not own using an auth token from a Publish or Read account, you will receive the following error:
$ cargo owner --registry <registry-name> \
--add huey.mcquack@msn.com \
--token ${PUBLISH_OR_READ_ACCOUNT_AUTH_TOKEN}
error: failed to invite owners to crate `<crate-name>` on registry
at https://crates.shipyard.rs
Caused by:
the remote server responded with an error: user does not own the
crate <crate-name>
Alternate Ownership Models
When building the functionality around cargo owner, it seemed likely to us that the
current ownership model would not be ideal for a smaller organization.
In the case of a small, high-velocity team, it seems like it would be useful to allow any user with Admin or Publish permissions to publish to any crate in the registry, avoiding the need to manage user-based ownership of each crate.
If you are interested in something like that (or find the existing ownership structure is not suited to your organization's workflow), please reach out to us via email or Zulip, we'd love to hear about it!