From e4af74df63aca03def41174f604c31080e8e9795 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?= Date: Wed, 15 Jan 2025 18:48:40 +0800 Subject: [PATCH] doc: Add warning about service user scopes --- README.md | 6 ++++++ sample-configs/csv-config.sample.yaml | 4 ++++ sample-configs/ldap-config.sample.yaml | 4 ++++ sample-configs/ukt-config.sample.yaml | 4 ++++ 4 files changed, 18 insertions(+) diff --git a/README.md b/README.md index 51c7251..cbe6d57 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,12 @@ Currently supported sources: ## Configuration +> [!WARNING] +> +> When creating a service user, limit them to the specific project and +> organization scope that they are intended to sync. `famedly-sync` +> currently does not separately limit the scope of the sync, see #103. + The tool expects a configuration file located at `./config.yaml`. See example configuration at [config.sample.yaml](./config.sample.yaml). The default path can be changed by setting the new path to the environment variable `FAMEDLY_SYNC_CONFIG`. diff --git a/sample-configs/csv-config.sample.yaml b/sample-configs/csv-config.sample.yaml index 24ad662..b1c5066 100644 --- a/sample-configs/csv-config.sample.yaml +++ b/sample-configs/csv-config.sample.yaml @@ -9,6 +9,10 @@ zitadel: # The project to grant users access to. project_id: 278274945274880004 # The identity provider ID to enable SSO login for + # + # WARNING: This user *must* be scoped to the specific org/project, + # as famedly-sync does not limit syncs to the configured org/project + # by itself. idp_id: 281430143275106308 feature_flags: diff --git a/sample-configs/ldap-config.sample.yaml b/sample-configs/ldap-config.sample.yaml index 65669af..76486c3 100644 --- a/sample-configs/ldap-config.sample.yaml +++ b/sample-configs/ldap-config.sample.yaml 
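Review bot: The added WARNING in csv-config.sample.yaml sits between `# The identity provider ID to enable SSO login for` and `idp_id`, so it reads as part of the idp_id description, and "This user" has no antecedent in the visible lines. Because the sync does not restrict itself to the configured org/project, this comment is the only prompt an operator copying the sample gets to least-privilege the service user, so it should be unambiguous and sit next to the service-user credential setting (presumably above this hunk in the `zitadel:` mapping, which starts outside it). I would move it there, keep the idp_id comment directly above its key, and name the subject explicitly, e.g. `# WARNING: The Zitadel service user famedly-sync authenticates as *must* be scoped to` / `# this specific org/project; famedly-sync does not limit syncs to the configured` / `# org/project by itself.` The same placement and wording apply to the identical hunks in ldap-config.sample.yaml and ukt-config.sample.yaml.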
@@ -9,6 +9,10 @@ zitadel: # The project to grant users access to. project_id: 278274945274880004 # The identity provider ID to enable SSO login for + # + # WARNING: This user *must* be scoped to the specific org/project, + # as famedly-sync does not limit syncs to the configured org/project + # by itself. idp_id: 281430143275106308 feature_flags: diff --git a/sample-configs/ukt-config.sample.yaml b/sample-configs/ukt-config.sample.yaml index f04902e..412cd9f 100644 --- a/sample-configs/ukt-config.sample.yaml +++ b/sample-configs/ukt-config.sample.yaml @@ -9,6 +9,10 @@ zitadel: # The project to grant users access to. project_id: 278274945274880004 # The identity provider ID to enable SSO login for + # + # WARNING: This user *must* be scoped to the specific org/project, + # as famedly-sync does not limit syncs to the configured org/project + # by itself. idp_id: 281430143275106308 feature_flags: