https://github.com/sozercan/aad-provider
Azure Active Directory provider for Gatekeeper
- Host: GitHub
- URL: https://github.com/sozercan/aad-provider
- Owner: sozercan
- License: mit
- Created: 2021-08-12T01:06:51.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2021-08-18T20:12:56.000Z (about 4 years ago)
- Last Synced: 2025-02-10T07:14:35.653Z (8 months ago)
- Language: Go
- Homepage:
- Size: 366 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Azure Active Directory (AAD) provider
The Azure Active Directory (AAD) provider is a Gatekeeper external data provider that mutates Kubernetes labels, setting them to the display name of an AAD user looked up through the Microsoft Graph API.
> This repo is meant for testing the Gatekeeper external data feature. Do not use it in production.
- Make sure you have a Kubernetes user that matches the AAD user you want to query (e.g. `user@example.com`).
- Create a new service principal and assign it the Microsoft Graph API permissions needed to read user profiles (`profile` and `User.Read.All`).
- Add your tenant ID, client ID, and client secret to the `manifest/secret.yaml` file.
- Deploy Gatekeeper with external data enabled (`--enable-external-data`).
# Installation
- `kubectl apply -f manifest`
- `kubectl apply -f policy/provider.yaml`
- Update `proxyURL` in `policy/assignmetadata.yaml` if it is not `http://aad-provider.default:8090` (the default).
- `kubectl apply -f policy/assignmetadata.yaml`
# Mutation
- `kubectl apply -f examples/test.yaml`
- `kubectl get deploy test-deployment -o yaml`
- You should see the `owners` label filled with your AAD display name.
```
$ kubectl get cm test-configmap -o yaml
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    owner: Sertac_Ozercan
  name: test-configmap
  namespace: default
```
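Gatekeeper's external data feature calls the provider with a `ProviderRequest` carrying the lookup keys (here, user principal names) and expects a `ProviderResponse` with one item per key, each holding a value or an error. The following is an added example, not code from this repository: it replaces the Microsoft Graph call with a constructed in-memory map and shows the normalisation a provider should apply before returning a display name, since Gatekeeper writes the returned value straight into a label and a directory display name (spaces, punctuation, arbitrary length) is untrusted input that the API server would otherwise reject. The `directory` map and the `ToLabelValue` and `Resolve` functions are this example's own names.

```go
package main

import (
	"regexp"
	"strings"
)

// Item mirrors one entry of response.items in a Gatekeeper external data
// ProviderResponse (externaldata.gatekeeper.sh/v1alpha1): a value or an error per key.
type Item struct {
	Key   string `json:"key"`
	Value string `json:"value,omitempty"`
	Error string `json:"error,omitempty"`
}

// directory is constructed sample data standing in for the Microsoft Graph call.
var directory = map[string]string{
	"user@example.com": "Sertac Ozercan",
	"odd@example.com":  "  O'Brien, Pat (Contractor) ",
}
var disallowed = regexp.MustCompile(`[^A-Za-z0-9_.-]`)
var badEdge = regexp.MustCompile(`^[^A-Za-z0-9]+|[^A-Za-z0-9]+$`)

// ToLabelValue turns an untrusted display name into a valid Kubernetes label
// value: spaces become underscores, only [-A-Za-z0-9_.] is kept, both ends are
// alphanumeric, at most 63 characters. Gatekeeper writes the returned value
// straight into object metadata, so the provider must not pass it through raw.
func ToLabelValue(name string) string {
	v := strings.ReplaceAll(strings.TrimSpace(name), " ", "_")
	v = badEdge.ReplaceAllString(disallowed.ReplaceAllString(v, ""), "")
	if len(v) > 63 { // v is pure ASCII here, so byte slicing is safe
		v = badEdge.ReplaceAllString(v[:63], "")
	}
	return v
}

// Resolve answers the keys of one ProviderRequest (request.keys). An unknown
// user yields a per-key error, so Gatekeeper skips that mutation rather than writing an empty label.
func Resolve(keys []string) []Item {
	items := make([]Item, 0, len(keys))
	for _, key := range keys {
		name, ok := directory[key]
		if !ok {
			items = append(items, Item{Key: key, Error: "user not found"})
			continue
		}
		items = append(items, Item{Key: key, Value: ToLabelValue(name)})
	}
	return items
}
```

Wiring `Resolve` into an HTTP handler that decodes the `ProviderRequest` JSON and wraps the items in a `ProviderResponse` (with `idempotent: true`) is what the provider's server loop would add on top.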