Abbey can be used to control access to resources in external applications. Abbey knows the email you sign up with in the app, and this can be used when creating Abbey grant kits. However, if you are referencing an external application, Abbey needs to know about your identity data in an external application in order to control access to resources in the application.

Let's take a look at the output block of the following Grant Kit:

  output = {
    # Replace with your own path pointing to where you want your access changes to manifest.
    # Path is an RFC 3986 URI, such as `github://{organization}/{repo}/path/to/file.tf`.
    location = "github://organization/repo/access.tf"
    append = <<-EOT
      resource "github_team_membership" "gh_mem_{{ .user.github.username }}" {
        team_id = github_team.test_team.id
        username = "{{ .user.github.username }}"
        role = "member"
      }
    EOT
  }

In this example, when the grant kit approves access to the github_team_membership resource, Abbey creates a Terraform resource which associates the username with the team. Here we refer to the username as .user.github.username. However, Abbey has no way of knowing this username until you link the Github username into Abbey!