The Ruby Gem that Powers Entitlements - GitHub's Identity and Access Management System
Grant Birkinbine 2e24e5ed90
Merge pull request #26 from arunsathiya/main
ci: Use GITHUB_OUTPUT envvar instead of set-output command
2024-03-18 10:30:17 -06:00
.github/workflows Merge branch 'main' into main 2024-03-18 10:25:47 -06:00
bin Rename lib file to appease rubocop 2022-08-09 16:03:55 -05:00
docs Remove broken link 2023-01-20 15:46:54 -06:00
lib update all `actions/checkout` versions to v4 2024-03-18 09:46:22 -06:00
script update bootstrap script 2024-03-18 09:44:20 -06:00
spec fix broken acceptance tests and pin bundler to a version for stability 2024-03-18 09:39:34 -06:00
vendor update `rugged` gem 2024-03-18 09:55:49 -06:00
.gitignore update `.gitignore` 2024-03-18 10:08:06 -06:00
.rubocop.yml upgrade to latest ruby version 2024-03-18 10:01:27 -06:00
.ruby-version upgrade to latest ruby version 2024-03-18 10:01:27 -06:00
CODE_OF_CONDUCT.md entitlements-app 2022-06-07 12:20:09 -04:00
CONTRIBUTING.md entitlements-app 2022-06-07 12:20:09 -04:00
Gemfile entitlements-app 2022-06-07 12:20:09 -04:00
Gemfile.lock update `rugged` gem 2024-03-18 09:55:49 -06:00
LICENSE.md entitlements-app 2022-06-07 12:20:09 -04:00
README.md add new status badges 2023-08-29 14:04:42 -06:00
SECURITY.md entitlements-app 2022-06-07 12:20:09 -04:00
entitlements-app.gemspec update `rugged` gem 2024-03-18 09:55:49 -06:00

README.md

entitlements-app

entitlements-app is a Ruby gem which provides git-managed LDAP group configuration and access provisioning to your declared resources. It powers Entitlements, GitHub's internal Identity and Access Management (IAM) system. Entitlements is a pluggable system designed to alleviate IAM pain points.

Quick Start

See getting started for a quick start guide, and entitlements-config for an example configuration.

Inputs

Entitlements currently supports a single kind of input: configuration files in .txt, .rb and .yaml format.

Git-managed config

Entitlements receives input from configuration files. By using git to back the config files, every file has a complete and visible audit trail.

See configuration for a complete guide on entitlements configuration.

Populating config from a source of truth

Entitlements requires an initial Org Chart configuration to define all of the valid users available to the system.

See orgchart for a complete guide to configuring your org chart data.

Configuration

Metadata

Entitlements allows for metadata tags which can be used to indicate attributes of the entitlements config other than membership. These metadata tags can be used to build additional automation on top of the Entitlements system.

For examples of ways to leverage metadata tags, see metadata.

Expirations

Entitlements allows for expirations at the file level and the user/group level.

See expirations for more on expirations.

Filters

Entitlements supports a concept of filters. This allows you to group employees defined in your org chart by classifications, and require explicit access definitions for those employee classifications.

For examples of filters, see filters.

Example

There is an example configuration repo here.

Outputs

LDAP

Out of the box, Entitlements will output your sets to LDAP.

See the OpenLDAP documentation for more on LDAP.

Plugins

Entitlements is a pluggable system. Plugins can be built for additional inputs and outputs.

For more on building plugins, see plugins.

Contributing

Please see CONTRIBUTING for details.

Security

We take security very seriously. Please see SECURITY for details on how to proceed if you find a security issue.

Release 🚀

To release a new version of this Gem, do the following:

  1. Update the version number in the lib/version.rb file
  2. Run bundle install to update the Gemfile.lock file with the new version
  3. Commit your changes, push them to GitHub, and open a PR

Once your PR is approved and the changes are merged, a new release will be created automatically by the release.yml workflow. The latest version of the Gem will be published to the GitHub Package Registry and RubyGems.