GitHub Organizations

Spinnaker supports OAuth 2.0 for authentication with GitHub organizations.

Get Client ID and Secret

Consult the GitHub OAuth 2.0 documentation and register a new OAuth 2.0 application to obtain a client ID and client secret.

Configure Halyard

You may configure Halyard either with the CLI or by manually editing the hal config.

Hal config

  1. security:
  2.   authn:
  3.     oauth2:
  4.       enabled: true
  5.       client:
  6.         clientId: # client ID from above
  7.         clientSecret: # client secret from above
  8.         accessTokenUri: https://github.com/login/oauth/access_token
  9.         userAuthorizationUri: https://github.com/login/oauth/authorize
  10.         scope: user:email
  11.       resource:
  12.         userInfoUri: https://api.github.com/user
  13.       # You almost certainly want to restrict access to your Spinnaker by adding
  14.       # userInfoRequirements; otherwise any user with a GitHub account will be
  15.       # able to access it.
  16.       userInfoRequirements: {}
  17.       userInfoMapping:
  18.         email: email
  19.         firstName: ''
  20.         lastName: name
  21.         username: login
  22.       provider: GITHUB

CLI

  1. hal config security authn oauth2 edit --provider github \
  2.   --client-id (client ID from above) \
  3.   --client-secret (client secret from above)
  5. hal config security authn oauth2 enable

Last modified October 16, 2020: rest of commits (b97d8a1)