Warning
This repository is under development and not ready for production use. It is in an alpha stage. That means APIs and concepts may change on short notice, including breaking changes or complete removal of APIs.
The platform-mesh security-operator is the component responsible for security configuration. It automatically configures and updates isolated authorization models for platform mesh utilizing OpenFGA, Keycloak and KCP.
It consists of 3 parts: initializer, generator and security-operator.
- The initializer is triggered when a new workspace appears whose workspace type extends the "security" workspace type. It reconciles this new workspace, creates a store in OpenFGA, adds a new realm with a client, etc.
- The generator reconciles the apibinding resource from kcp and generates an OpenFGA model for it.
- The security-operator reconciles store and authorization model resources from kcp.
- Management of stores, tuples and authorization models in OpenFGA
- Instantiation of store and authorization model resources in KCP
- Management of realms and clients in Keycloak
- Instantiation of Realms and Clients resources in deployment cluster
- For running and building the security-operator, please refer to the CONTRIBUTING.md file in this repository.
- To deploy the security-operator to kubernetes, please refer to the helm-charts repository.
The release is performed automatically through a GitHub Actions Workflow.
All released versions are available through GitHub (like any other Go module).
The security-operator requires an installation of Go. Check the go.mod file for the required Go version and dependencies.
If you find any bug that may be a security problem, please follow the instructions in our security policy on how to report it. Please do not create GitHub issues for security-related doubts or problems.
Please refer to the CONTRIBUTING.md file in this repository for instructions on how to contribute to platform-mesh.
Please refer to the CODE_OF_CONDUCT.md file in this repository for information on the expected Code of Conduct for contributing to platform-mesh.
Copyright 2024 SAP SE or an SAP affiliate company and platform-mesh contributors. Please see our LICENSE for copyright and license information. Detailed information including third-party components and their licensing/copyright information is available via the REUSE tool.