README
¶
[!WARNING] This Repository is under development and not ready for productive use. It is in an alpha stage. That means APIs and concepts may change on short notice including breaking changes or complete removal of apis.
platform-mesh - security-operator
Description
The platform-mesh security-operator is the component responsible for security configuration. It automaticly configures and updates isolated authorization models for platform mesh utializing OpenFGA, KeyClock and KCP.
It consists of 3 parts: initializer, generator and security-operator.
- Initializer will be triggered when a new workspace with workspace type which extends "security" workspace type appears. It reconciles this new workspase and creates store in OpenFGA, add a new realm with a client, etc.
- Generator reconciles apibinding resource from kcp and generates OpenFGA model for it
- Security-operator reconciles store and authorization model resources from kcp
Features
- Stores, tupels and authorization models management in OpenFGA
- Instantiation of Stores and authorization models resources in KCP
- KeyClock realms and clients management in Keyclock
- Instantiation of Realms and Clients resources in deployment cluster
Getting started
- For running and building the security-operator, please refer to the CONTRIBUTING.md file in this repository.
- To deploy the security-operator to kubernetes, please refer to the helm-charts repository.
Releasing
The release is performed automatically through a GitHub Actions Workflow.
All the released versions will be available through access to GitHub (as any other Golang Module).
Requirements
The security-operator requires a installation of go. Checkout the go.mod for the required go version and dependencies.
Security / Disclosure
If you find any bug that may be a security problem, please follow our instructions at in our security policy on how to report it. Please do not create GitHub issues for security-related doubts or problems.
Contributing
Please refer to the CONTRIBUTING.md file in this repository for instructions on how to contribute to platform-mesh.
Code of Conduct
Please refer to our Code of Conduct for information on the expected conduct for contributing to Platform Mesh.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
api
|
|
|
v1alpha1
Package v1alpha1 contains API Schema definitions for the core v1alpha1 API group.
|
Package v1alpha1 contains API Schema definitions for the core v1alpha1 API group. |
|
internal
|
|
|
pkg
|
|
|
clientreg
Package oidc provides a client for OIDC Dynamic Client Registration (RFC 7591/7592).
|
Package oidc provides a client for OIDC Dynamic Client Registration (RFC 7591/7592). |