Authentication & Authorization

This is a high-level explanation of how authentication and authorization work within Spinnaker itself.

  • Redis stores computed roles, default permissions, and roles from external systems
  • Clouddriver gets known accounts
  • Front50 gets known apps

Setup & Configuration

For more information on actual use of this see Setup Authentication and Authorization .

Authentication Architecture

Authentication for Spinnaker involves three pieces, the Spinnaker UI (Deck), the Spinnaker API (Gate), and your identity provider.

Authorization Architecture

Fiat works closely with Front50 (apps permissions), Clouddriver (account permissions), and Igor (build services permissions).

Last modified May 4, 2021: rest of migration (700781a)