Spinnaker Integration with Azure AD
Companies are always looking to secure how colleagues use company software and tools. Datasirpi using spinnaker for HA cloud deployment management. Checkout how Datasirpi is setting up the Azure Active Directory to secure spinnaker.
Instruction to setup
How to obtain an OAuth 2.0 client ID and client secret for use with your Microsoft Azure tenant with Spinnaker
Setting up an Azure Application Registration
1. Navigate to https://portal.azure.com and log in with your Azure credentials.
2. On the left hand navigation pane, click “Azure Active Directory” –> “App registrations”.
3. Click “New application registration”, and fill in the details:
Name of the application: (eg Spinnaker),
Application type: Web app / API
Sign-on URL: https://gate:8084/login (replace localhost with your Gate address if known, and HTTPS with HTTP if appropriate)
Click “Create”
4. Note the “Application ID”, this is the client ID to pass to hal. Copy it to a safe place.
5. Click “Settings” -> “Keys”. Under “Passwords”, add a Key Description (eg Spinnaker), set the expiry, and then click “Save”. “Value” will
now be populated. This is your client secret; copy it to a safe place.
CLI
领英推荐
Set up OAuth 2.0 with azure:
hal config security auth oauth2 edit --provider azure --client-id (client ID from above) --client-secret
(client secret from above)
Now enable OAuth 2.0 using hal:
hal config security auth oauth2 enable
Set environment variable
The Tenant ID of your organization is required for Azure OAuth 2.0 login. To obtain it:
1. Navigate to https://portal.azure.com and log in with your Azure credentials.
2.2. On the left hand navigation pane, click “Azure Active Directory” –> “Properties”.
3. “Directory ID” is your Tenant ID.
In order to pass the Tenant ID to gate, we need to insert is as an environment variable. Add the following to ~/.hal/default/service-settings/gate.
yml:
env
azureTenantId: (your tenant id):
Outcome
Now you and your colleagues can get easy access to Spinnaker.