Categorygithub.com/nais/console-github-auth
module
0.0.0-20241106140727-a52bc6c258b3
Repository: https://github.com/nais/console-github-auth.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
0
Dependents
0
Files
0

# README

console-github-auth

How it works

  • This component is deployed to cloud run (org: nais.io, project: github-tenant-auth), by nais-terraform-modules.
  • It has credentials (app id / private key) for the nais/console github application.
  • nais-terraform-modules grants invoke permissions to the console service account.
  • When starting up, console-github-auth finds the appropriate installation id to create tokens for, based on the GITHUB_ORG env variable.
  • When console needs to do requests targetting the GitHub API, it will:
    • use it's application default credentials to get an id token for it's own service account
    • use this to call https://console-github-auth-something.run.app/createInstallationToken
    • use the token returned by console-github-auth with the GitHub API. This token can only do operations targeting the specified GitHub organization.

# Packages

No description provided by the author