|
1 | | -Spinnaker Auth Service |
2 | | ----------------------- |
3 | | - |
4 | | -[](https://travis-ci.org/spinnaker/fiat) |
5 | | - |
6 | | -``` |
7 | | - ____ _ ____ __ ___ _ ______ _ |
8 | | - / __/(_)__ __ / _// /_ / _ | ___ _ ___ _ (_)___ /_ __/____ ___ _ _ __ (_)___ |
9 | | - / _/ / / \ \ / _/ / / __/ / __ |/ _ `// _ `// // _ \ _ / / / __// _ `/| |/ // /(_-< |
10 | | -/_/ /_/ /_\_\ /___/ \__/ /_/ |_|\_, / \_,_//_//_//_/( ) /_/ /_/ \_,_/ |___//_//___/ |
11 | | - /___/ |/ |
12 | | -``` |
13 | | - |
14 | | -Fiat is the authorization server for the Spinnaker system. |
15 | | - |
16 | | -It exposes a RESTful interface for querying the access permissions for a particular user. It currently supports three kinds of resources: |
17 | | -* Accounts |
18 | | -* Applications |
19 | | -* Service Accounts |
20 | | - |
21 | | ---- |
22 | | - |
23 | | -### Accounts |
24 | | -Accounts are setup within Clouddriver and queried by Fiat for its configured `requiredGroupMembership` restrictions. |
25 | | - |
26 | | -### Applications |
27 | | -Applications are the combination of config metadata pulled from Front50 and server group names (e.g., application-stack-details). Application permissions sit beside application configuration in S3/Google Cloud Storage. |
28 | | - |
29 | | -### Service Accounts |
30 | | -Fiat Service Accounts are groups that act as a user during automated triggers (say, from a GitHub push or Jenkins build). Authorization is built in by making the service account a member of a group specified in `requiredGroupMembership`. |
31 | | - |
32 | | ---- |
33 | | - |
34 | | -### User Role/Authorization Providers |
35 | | -Currently supported user role providers are: |
36 | | -* Google Groups (through a Google Apps for Work organization) |
37 | | -* GitHub Teams |
38 | | -* LDAP |
39 | | -* File based role provider |
40 | | -* SAML Groups |
41 | | - |
42 | | ---- |
43 | | - |
44 | | -### Modular builds |
45 | | -By default, Fiat is built with all authorization providers included. To build only a subset of |
46 | | -providers, use the `includeProviders` flag: |
47 | | - ``` |
48 | | -./gradlew -PincludeProviders=google-groups,ldap clean build |
49 | | -``` |
50 | | - You can view the list of all providers in `gradle.properties`. |
51 | | - |
52 | | -### Debugging |
53 | | - |
54 | | -To start the JVM in debug mode, set the Java system property `DEBUG=true`: |
55 | | -``` |
56 | | -./gradlew -DDEBUG=true |
57 | | -``` |
58 | | - |
59 | | -The JVM will then listen for a debugger to be attached on port 7103. The JVM will _not_ wait for the debugger |
60 | | -to be attached before starting Fiat; the relevant JVM arguments can be seen and modified as needed in `build.gradle`. |
| 1 | +> [!IMPORTANT] |
| 2 | +> Fiat is now maintained in the [Spinnaker monorepo](https://github.com/spinnaker/spinnaker). This repository has been archived. |
0 commit comments