{"id":36494265,"url":"https://github.com/ministryofjustice/cloud-platform-github-teams-filter","last_synced_at":"2026-01-12T01:59:27.350Z","repository":{"id":276006905,"uuid":"927120849","full_name":"ministryofjustice/cloud-platform-github-teams-filter","owner":"ministryofjustice","description":"Micro-service for filtering github teams that are registered with cloud platform cluster environments","archived":false,"fork":false,"pushed_at":"2025-07-24T10:08:33.000Z","size":70,"stargazers_count":0,"open_issues_count":10,"forks_count":1,"subscribers_count":5,"default_branch":"main","last_synced_at":"2025-07-24T14:36:17.863Z","etag":null,"topics":["cloud-platform-engineering"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ministryofjustice.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-04T12:48:09.000Z","updated_at":"2025-07-24T10:08:17.000Z","dependencies_parsed_at":"2025-02-05T19:49:50.885Z","dependency_job_id":"9158007b-1afc-4725-8942-926137ccc0e5","html_url":"https://github.com/ministryofjustice/cloud-platform-github-teams-filter","commit_stats":null,"previous_names":["ministryofjustice/cloud-platform-github-teams-filter"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/ministryofjustice/cloud-platform-github-teams-filter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-github-teams-filter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-github-teams-filter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-github-teams-filter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-github-teams-filter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ministryofjustice","download_url":"https://codeload.github.com/ministryofjustice/cloud-platform-github-teams-filter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ministryofjustice%2Fcloud-platform-github-teams-filter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28331488,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-12T00:36:25.062Z","status":"ssl_error","status_checked_at":"2026-01-12T00:36:15.229Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cloud-platform-engineering"],"created_at":"2026-01-12T01:59:27.301Z","updated_at":"2026-01-12T01:59:27.345Z","avatar_url":"https://github.com/ministryofjustice.png","language":"Go","readme":"# cloud-platform-github-teams-filter\n\nThis service exists to help mitigate issues with SAML authentication to AWS Console for Cloud Platform user readonly access.\n\n## Problem\n\nThe SAML attribute used to permit users to view their tagged resources consists of the set of team names a user's github account is associated with. There is a hard limit of 256 characters in this attribute, so users in many teams / long team names find authentication breaks if this limit is exceeded. See [this runbook entry](https://runbooks.cloud-platform.service.justice.gov.uk/debugging-aws-console-access.html#debugging-aws-console-read-only-access-issues) for more details on this issue.\n\n## Solution\n\nIn order to alleviate this issue, the teams filter service works by: \n\n- listening for requests containing a `:` separated list of teams ie `:team1:team2:team3`\n- queries the CP cluster's rolebinding objects and generates a deduplicated set of all teams that are \"registered\" across all namespaces\n- removes from the input list any teams which are not present in any cluster rolebindings\n- returns the filtered string\n\nIn doing so, we are removing any github teams which have no relevance for our read-only console service.\n\nThe service is to be called within our auth0 AWS SSO action, and requires an api key. This can be found in the Kubernetes Secret 'github-teams-filter-secret`.\n\n## Helm Chart\n\nThe Helm chart for this service is located in our [Cloud Platform Helm Charts repository](https://github.com/ministryofjustice/cloud-platform-helm-charts/tree/main/cloud-platform-github-teams-filter)\n\n\n## Usage\n\nIf you want to check the service in action, try something like:\n\n```\ncurl https://filter-teams.apps.cloud-platform.service.justice.gov.uk/filter-teams \\                                                \n     -H \"X-API-Key: {api-key value}\" -H \"Content-Type: application/json\" \\\n     -d '{\"teams\": \":badteam:webops:test1:test2:dps-tech\"}'\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fministryofjustice%2Fcloud-platform-github-teams-filter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fministryofjustice%2Fcloud-platform-github-teams-filter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fministryofjustice%2Fcloud-platform-github-teams-filter/lists"}