GitHub OAuth2 permitting all users, instead of just my org


#1

Hi all, I am new to Spinnaker and I am trying to troubleshoot the GitHub OAuth2 configuration. Using the configuration below, any GitHub user is able to connect to my application. Ideally, I want only members of my GitHub Organizational account to be able to connect.

Has anyone else successfully configured (team restricted) GitHub OAuth2? Can anyone spot any obvious errors that I am making?

authn:
  oauth2:
    enabled: true
    client:
      clientId: xxxxxxxxxxxxxxxxxxxx
      clientSecret: yyyyyyyyyyyyyyyyyyyy
      accessTokenUri: https://github.com/login/oauth/access_token
      userAuthorizationUri: https://github.com/login/oauth/authorize
      scope: user:email
    resource:
      userInfoUri: https://api.github.com/user
    userInfoMapping:
      email: email
      firstName: ''
      lastName: name
      username: login
    provider: GITHUB
  saml:
    enabled: false
  ldap:
    enabled: false
  x509:
    enabled: false
  iap:
    enabled: false
  enabled: true
authz:
  groupMembership:
    service: GITHUB
    google:
      roleProviderType: GOOGLE
    github:
      roleProviderType: GITHUB
      baseUrl: https://api.github.com
      accessToken: zzzzzzzzzzzzzzzzzzzz
      organization: MyOrg
    file:
      roleProviderType: FILE
    ldap:
      roleProviderType: LDAP
  enabled: true

hal --version
1.14.0-20190117020510

hal version list

  • Get current deployment
    Success
  • Get Spinnaker version
    Success
  • Get released versions
    Success
  • You are on version “1.12.1”, and the following are available:
  • 1.9.5 (Bright):
    Published: Mon Oct 01 11:15:37 MDT 2018
    (Requires Halyard >= 1.0.0)
  • 1.10.13 (Maniac):
    Published: Wed Jan 30 16:39:38 MST 2019
    (Requires Halyard >= 1.11)
  • 1.11.9 (Cobra Kai):
    Published: Wed Jan 30 16:27:33 MST 2019
    (Requires Halyard >= 1.11)
  • 1.12.1 (Unbreakable):
    Published: Thu Jan 31 15:01:48 MST 2019
    (Requires Halyard >= 1.11)