{"id":26059713,"url":"https://github.com/orange-cloudfoundry/cf-security-entitlement","last_synced_at":"2026-01-06T07:09:04.643Z","repository":{"id":40373237,"uuid":"194282969","full_name":"orange-cloudfoundry/cf-security-entitlement","owner":"orange-cloudfoundry","description":"Add an entitlement mechanism similar to isolation segment on Cloud Foundry","archived":false,"fork":false,"pushed_at":"2025-03-31T10:07:49.000Z","size":29736,"stargazers_count":2,"open_issues_count":1,"forks_count":3,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-31T10:37:33.634Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/orange-cloudfoundry.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-28T14:00:33.000Z","updated_at":"2025-03-31T09:53:53.000Z","dependencies_parsed_at":"2024-03-22T06:30:27.478Z","dependency_job_id":"d4da0652-a940-4cfa-a020-a3123e9eafef","html_url":"https://github.com/orange-cloudfoundry/cf-security-entitlement","commit_stats":null,"previous_names":[],"tags_count":224,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orange-cloudfoundry%2Fcf-security-entitlement","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orange-cloudfoundry%2Fcf-security-entitlement/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orange-cloudfoundry%2Fcf-security-entitlement/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orange-cloudfoundry%2Fcf-security-entitlement/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/orange-cloudfoundry","download_url":"https://codeload.github.com/orange-cloudfoundry/cf-security-entitlement/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248358548,"owners_count":21090401,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-08T13:28:00.718Z","updated_at":"2026-01-06T07:09:04.580Z","avatar_url":"https://github.com/orange-cloudfoundry.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cf-security-entitlement\n\nThis service allows an org manager to view all the security groups in cloud foundry and permits him to place \nsecurity groups himself on space.\n\nThis project has 3 parts:\n- **server**: api which enable security groups placement for org manager\n**Must be deployed beside cc api through the bosh release https://github.com/orange-cloudfoundry/cf-security-entitlement-boshrelease**\n- **cli plugin**: A Cloud Foundry cli plugin which add commands for this api\n- **terraform provider**: A [terraform](http://terraform.io/) provider which use api to place security groups and which\ncan be combined with [cloud foundry provider](https://github.com/cloudfoundry-community/terraform-provider-cf) **NOW ON ITS OWN REPO AT https://github.com/orange-cloudfoundry/terraform-provider-cfsecurity**\n\n## Server\n\n**Please use boshrelease associated for deployment instruction https://github.com/orange-cloudfoundry/cf-security-entitlement-boshrelease**\n\n### Api\n\n#### CRUD Security_groups\n\nPlease see doc from cloud foundry http://apidocs.cloudfoundry.org/9.3.0/#security-groups .\nServer only check if user is an authorized org manager before transmitting the request to cc api.\n\n#### POST /v2/security_entitlement (deprecated)\n\n**Parameters**:\n- `organization_guid`: an organisation guid\n- `security_group_guid`: a security group to be enabled on the org\n\n**Headers**:\n\n```\nAuthorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\nHost: example.org\nContent-Type: application/json\nCookie: \n```\n\n**Curl**:\n\n```\ncurl \"https://cfsecurity.[your-domain.com]/v2/security_entitlement -d '{\n  \"security_group_guid\": \"dcee7d89-149b-4bab-9eb9-1e5e73c22aae\",\n  \"organization_guid\": \"7e0477b9-fff8-41b1-8fd8-969095ba62e5\"\n}' -X POST \\\n\t-H \"Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\" \\\n\t-H \"Host: example.org\" \\\n\t-H \"Content-Type: application/json\" \\\n\t-H \"Cookie: \"\n```\n\n**Response status**:\n```\n201 Created\n```\n\n#### GET /v2/security_entitlement (deprecated)\n\n**Parameters**:\n- `organization_guid`: an organisation guid\n- `security_group_guid`: a security group to be enabled on the org\n\n**Headers**:\n\n```\nAuthorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\nHost: example.org\nContent-Type: application/json\nCookie: \n```\n\n**Curl**:\n\n```\ncurl \"https://cfsecurity.[your-domain.com]/v2/security_entitlement \\\n\t-H \"Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\" \\\n\t-H \"Host: example.org\" \\\n\t-H \"Content-Type: application/json\" \\\n\t-H \"Cookie: \"\n```\n\n**Response status**:\n\n```\n200 OK\n```\n\n**Response body**:\n\n```json\n[\n  {\n  \"security_group_guid\": \"dcee7d89-149b-4bab-9eb9-1e5e73c22aae\",\n  \"organization_guid\": \"7e0477b9-fff8-41b1-8fd8-969095ba62e5\"\n  },\n  {\n    \"security_group_guid\": \"ce9ee907-74a2-4226-a5b2-5b6336973a9e\",\n    \"organization_guid\": \"11ce76d1-3e17-4479-b090-ff971da597ca\"\n  }\n]\n```\n\n#### DELETE /v2/security_entitlement (deprecated)\n\n**Parameters**:\n- `organization_guid`: an organisation guid\n- `security_group_guid`: a security group to be revoked on the org\n\n**Headers**:\n\n```\nAuthorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\nHost: example.org\nContent-Type: application/json\nCookie: \n```\n\n**Curl**:\n\n```\ncurl \"https://cfsecurity.[your-domain.com]/v2/security_entitlement -d '{\n  \"security_group_guid\": \"dcee7d89-149b-4bab-9eb9-1e5e73c22aae\",\n  \"organization_guid\": \"7e0477b9-fff8-41b1-8fd8-969095ba62e5\"\n}' -X DELETE \\\n\t-H \"Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\" \\\n\t-H \"Host: example.org\" \\\n\t-H \"Content-Type: application/json\" \\\n\t-H \"Cookie: \"\n```\n\n**Response status**:\n```\n200 OK\n```\n\n#### GET /v3/security_groups/\u003csecurity_group_guid\u003e/relationships/spaces/\u003cspace_guid\u003e/check\n\nCheck if space has its org entitle with this security group guid\n\n**Url Parameters**:\n- `security_group_guid`: a security guid to check\n- `space_guid`: a space guid to check\n\n**Headers**:\n\n```\nAuthorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\nHost: example.org\nContent-Type: application/json\nCookie: \n```\n\n**Curl**:\n\n```\ncurl \"https://cfsecurity.[your-domain.com]/v3/security_groups/23a073f5-00e7-425b-b046-de45ba9b5456/relationships/spaces/4ad3d6c7-80a9-4655-866f-aa0f71d95183/check \\\n\t-H \"Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\" \\\n\t-H \"Host: example.org\" \\\n```\n\n**Response status**:\n```\n200 OK\n```\n\n**Response body**:\n\n```json\n{\n  \"is_entitled\": true,\n  \"organization_guid\": \"7e0477b9-fff8-41b1-8fd8-969095ba62e5\"\n}\n```\n\n#### POST /v3/bindings\n\nBind a security group to a particular space\n\n**Url Parameters**:\n- `security_group_guid`: a security guid to bind\n- `space_guid`: a space guid to bind\n\n**Headers**:\n\n```\nAuthorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\nHost: example.org\nContent-Type: application/json\nCookie: \n```\n\n**Curl**:\n\n```\ncurl \"https://cfsecurity.[your-domain.com]/v3/bindings\" \\\n\t-H \"Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\" \\\n\t-H \"Host: example.org\" \\\n    -d '{\"security_group_guid\": \"23a073f5-00e7-425b-b046-de45ba9b5456\", \"space_guid\": \"4ad3d6c7-80a9-4655-866f-aa0f71d95183\"}'\n```\n\n**Response status**:\n```\n200 OK\n```\n\n#### DELETE /v3/bindings\n\nUnbind a security group from a space\n\n**Url Parameters**:\n- `security_group_guid`: a security guid to unbind\n- `space_guid`: a space guid to unbind\n\n**Headers**:\n\n```\nAuthorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\nHost: example.org\nContent-Type: application/json\nCookie: \n```\n\n**Curl**:\n\n```\ncurl \"https://cfsecurity.[your-domain.com]/v3/bindings\" \\\n\t-H \"Authorization: bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoidWFhLWlkLTkiLCJlbWFpbCI6ImVtYWlsLTlAc29tZWRvbWFpbi5jb20iLCJzY29wZSI6WyJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImF1ZCI6WyJjbG91ZF9jb250cm9sbGVyIl0sImV4cCI6MTQ2NjAwODg4MX0.r0oLFGpSuuUWDIpqwuZ6X_8xhkqhspKEOhDYQdRzu9Y\" \\\n\t-H \"Host: example.org\" \\\n    -d '{\"security_group_guid\": \"23a073f5-00e7-425b-b046-de45ba9b5456\", \"space_guid\": \"4ad3d6c7-80a9-4655-866f-aa0f71d95183\"}'\n```\n\n**Response status**:\n```\n200 OK\n```\n\n## Cli plugin\n\n### Installation from release binaries\n\n1. Download latest release made for your os here: https://github.com/orange-cloudfoundry/cf-security-entitlement/releases\n2. run `cf install-plugin path/to/previous/binary/downloaded`\n\n\n### Commands\n\n#### OrgManager Role\n\n```\n   manager-search-security-groups         List all security groups matching an IP and a port\n   manager-security-group                 Show a single security group available for an org manager\n   manager-security-groups                List all security groups available for an org manager\n   bind-manager-security-group            Bind a security group to a particular space\n   unbind-manager-security-group          Unbind a security group to a particular space\n```\n\n## Terraform-provider-cfsecurity \n\nYou can found provider on its own repository at https://github.com/orange-cloudfoundry/terraform-provider-cfsecurity and its documentation on terraform: https://registry.terraform.io/providers/orange-cloudfoundry/cfsecurity/latest/docs\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forange-cloudfoundry%2Fcf-security-entitlement","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Forange-cloudfoundry%2Fcf-security-entitlement","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forange-cloudfoundry%2Fcf-security-entitlement/lists"}