Question: We are using LDAP/SAML/AD, which have different groups for different users. How do I define a user as "admin"?


Answer: In ISD (Autopilot+Spinnaker), we can define a group (or a list of groups) as the admin user group(s). Users who log in and belong to one of these groups are treated as administrators.


In Autopilot: the definition is in the oes-platform-config secret, in platform-local.yml:

userGroup:
  superAdminGroups: admin


The "admin" value needs to be replaced with a comma-separated list of the groups we want to declare as admin groups.

This can be updated in values.yaml, followed by the "helm upgrade" command, OR edited manually (not recommended, as it is not permanent) using these representative commands (k=kubectl -n <namespace>):

k get secrets oes-platform-config -o jsonpath='{.data.platform-local\.yml}' | base64 -d  > platform-local.yml

[edit platform-local.yml]

k delete secret oes-platform-config

k create secret generic oes-platform-config --from-file platform-local.yml
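
The manual edit above as a script, so that the group list is validated before the secret is deleted. This is an added example, not code from ISD/Autopilot; the function names and the allowed character set for group names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not ISD/Autopilot code; function names are hypothetical.

# Print the current superAdminGroups value of a decoded platform-local.yml.
get_super_admin_groups() {
  sed -n 's/^[[:space:]]*superAdminGroups:[[:space:]]*//p' "$1" | tr -d "\"'"
}

# Replace the value with a comma-separated group list, keeping indentation.
# Assumption: group names use only letters, digits, '_', '.' and '-'.
set_super_admin_groups() {
  file=$1; groups=$2
  case $groups in
    ''|,*|*,|*,,*) echo "empty group or list: '$groups'" >&2; return 1 ;;
    *[!A-Za-z0-9_.,-]*) echo "unexpected character in: '$groups'" >&2; return 1 ;;
  esac
  grep -q '^[[:space:]]*superAdminGroups:' "$file" ||
    { echo "superAdminGroups not found in $file" >&2; return 1; }
  sed "s/^\([[:space:]]*superAdminGroups:\).*/\1 $groups/" "$file" > "$file.new" &&
    mv "$file.new" "$file"
}

# Cluster round trip with the commands shown above. The secret is deleted only
# after the decoded file was edited successfully, and the plaintext copy lives
# in a private temp directory that is removed afterwards.
update_admin_groups_in_cluster() {
  ns=$1; new_groups=$2
  tmp=$(mktemp -d) || return 1
  ( umask 077
    kubectl -n "$ns" get secrets oes-platform-config \
      -o jsonpath='{.data.platform-local\.yml}' | base64 -d > "$tmp/platform-local.yml" &&
    set_super_admin_groups "$tmp/platform-local.yml" "$new_groups" &&
    kubectl -n "$ns" delete secret oes-platform-config &&
    kubectl -n "$ns" create secret generic oes-platform-config \
      --from-file "$tmp/platform-local.yml" )
  rc=$?; rm -rf "$tmp"; return "$rc"
}

# Offline demo on a constructed sample file (no cluster needed).
demo() {
  sample=$(mktemp) || return 1
  printf 'userGroup:\n  superAdminGroups: admin\n' > "$sample"
  set_super_admin_groups "$sample" "platform-admins,sre-oncall" &&
    get_super_admin_groups "$sample"
  rc=$?; rm -f "$sample"; return "$rc"
}
demo
```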


For Spinnaker, we need to put this in .hal/default/profiles/fiat-local.yml:

fiat:
  admin:
    roles:
      - my-admin-group


If using a GitOps-style setup, this file needs to be created/edited in the <root>/default/profiles folder in the repo, and the halyard pod restarted.