GitHub - spinnaker/fiat at v1.36.3

52 Branches 302 Tags

Name	Name	Last commit message	Last commit date
Latest commit mergify[bot] and DanielaS12 fix(logs): Redacted secret data in logs. (#1029 ) (#1031 ) Mar 16, 2023 51fa0be · Mar 16, 2023 History 789 Commits
.github	.github	fix(gha): Event branch doesn't match (#975 )	Sep 13, 2022
.idea	.idea	feat(*): Github Actions for PR builds (#533 )	Dec 18, 2019
fiat-api	fiat-api	fix(logs): Redacted secret data in logs. (#1029 ) (#1031 )	Mar 16, 2023
fiat-bom	fiat-bom	chore(deps): update kork to 7.107.0, use new maven coordinates (#852 )	Mar 22, 2021
fiat-core	fiat-core	feat(api): Add support for more Spring Security APIs (#966 )	Aug 1, 2022
fiat-file	fiat-file	fix(roles): file-based roles fail when the user is not provided in th…	Nov 15, 2019
fiat-github	fiat-github	fix(dependency): Issue of missing javax.validation:validation-api dep…	Apr 13, 2022
fiat-google-groups	fiat-google-groups	fix(google): skip groups for service accounts (#953 )	May 12, 2022
fiat-ldap	fiat-ldap	refactor(ldap/logging): Add userId in error log (#839 )	Dec 4, 2021
fiat-roles	fiat-roles	feat(roles): add capability to control querying clouddriver for appli…	Sep 2, 2022
fiat-sql-mysql	fiat-sql-mysql	feat(sql): Add an SQL permission repository (#838 )	Mar 3, 2021
fiat-sql-postgres	fiat-sql-postgres	feat(sql): Add an SQL permission repository (#838 )	Mar 3, 2021
fiat-sql	fiat-sql	fix: Should fix the deletion of permissions when resource name is upp…	Feb 7, 2023
fiat-web	fiat-web	feat(roles): add capability to control querying clouddriver for appli…	Sep 2, 2022
gradle	gradle	chore(build): gradle 6.8.1 (#825 )	Dec 4, 2021
halconfig	halconfig	feat(build): publish to maven central, switch groupId to io.spinnaker… (	Mar 19, 2021
.clog.toml	.clog.toml	chore(changelog): Extend changelog commit keywords. (#157 )	Mar 22, 2017
.gcloudignore	.gcloudignore	chore(gcb build): add a .gcloudignore (#563 )	Feb 27, 2020
.gitignore	.gitignore	feat(plugins): add plugins to fiat (#663 )	Apr 28, 2020
.mergify.yml	.mergify.yml	chore(ci): Mergify - merge Autobumps on release-* (#949 )	Apr 27, 2022
AUTHORS	AUTHORS	Project skeleton	Jun 14, 2016
CODEOWNERS	CODEOWNERS	chore(meta): Remove myself from default reviewers (#888 )	Dec 4, 2021
Dockerfile.compile	Dockerfile.compile	chore(java11): Target Java 11. (#771 )	Sep 10, 2020
Dockerfile.slim	Dockerfile.slim	chore(dockerfile): upgrade to latest alpine image (#967 )	Aug 3, 2022
Dockerfile.ubuntu	Dockerfile.ubuntu	chore(dockerfile): various Dockerfile cleanups (#745 )	Aug 12, 2020
LICENSE.txt	LICENSE.txt	Project skeleton	Jun 14, 2016
README.md	README.md	chore(doc): add missing userrole provider (#723 )	Jul 1, 2020
autobump.sh	autobump.sh	feat(build): enable autobump PRs for fiat-api consumers (#495 )	Oct 28, 2019
build.gradle	build.gradle	fix(dependency): Issue with jackson-bom and kotlin-bom version confli…	Mar 10, 2022
gradle.properties	gradle.properties	chore(dependencies): Autobump korkVersion (#1027 )	Mar 6, 2023
gradlew	gradlew	chore(build): gradle 6.6 (#748 )	Aug 18, 2020
gradlew.bat	gradlew.bat	chore(build): gradle 6.6 (#748 )	Aug 18, 2020
lombok.config	lombok.config	Initial account configuration + provider (#1 )	Jun 22, 2016
settings.gradle	settings.gradle	feat(sql): Add an SQL permission repository (#838 )	Mar 3, 2021

Repository files navigation

Spinnaker Auth Service

   ____ _         ____ __    ___               _            ______                  _
  / __/(_)__ __  /  _// /_  / _ | ___ _ ___ _ (_)___       /_  __/____ ___ _ _  __ (_)___
 / _/ / / \ \ / _/ / / __/ / __ |/ _ `// _ `// // _ \ _     / /  / __// _ `/| |/ // /(_-<
/_/  /_/ /_\_\ /___/ \__/ /_/ |_|\_, / \_,_//_//_//_/( )   /_/  /_/   \_,_/ |___//_//___/
                                /___/                |/

Fiat is the authorization server for the Spinnaker system.

It exposes a RESTful interface for querying the access permissions for a particular user. It currently supports three kinds of resources:

Accounts
Applications
Service Accounts

Accounts

Accounts are setup within Clouddriver and queried by Fiat for its configured requiredGroupMembership restrictions.

Applications

Applications are the combination of config metadata pulled from Front50 and server group names (e.g., application-stack-details). Application permissions sit beside application configuration in S3/Google Cloud Storage.

Service Accounts

Fiat Service Accounts are groups that act as a user during automated triggers (say, from a GitHub push or Jenkins build). Authorization is built in by making the service account a member of a group specified in requiredGroupMembership.

User Role/Authorization Providers

Currently supported user role providers are:

Google Groups (through a Google Apps for Work organization)
GitHub Teams
LDAP
File based role provider
SAML Groups

Modular builds

By default, Fiat is built with all authorization providers included. To build only a subset of providers, use the includeProviders flag:

./gradlew -PincludeProviders=google-groups,ldap clean build

You can view the list of all providers in gradle.properties.

Debugging

To start the JVM in debug mode, set the Java system property DEBUG=true:

./gradlew -DDEBUG=true

The JVM will then listen for a debugger to be attached on port 7103. The JVM will not wait for the debugger to be attached before starting Fiat; the relevant JVM arguments can be seen and modified as needed in build.gradle.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Spinnaker Auth Service

Accounts

Applications

Service Accounts

User Role/Authorization Providers

Modular builds

Debugging

About

Releases 237

Packages

Contributors 76

Languages

License

spinnaker/fiat

Folders and files

Latest commit

History

Repository files navigation

Spinnaker Auth Service

Accounts

Applications

Service Accounts

User Role/Authorization Providers

Modular builds

Debugging

About

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases 237

Packages 0

Contributors 76

Languages

Packages