mirror of
https://github.com/siderolabs/omni.git
synced 2026-05-05 06:36:12 +02:00
dfcbaae7d0
Omni is source-available under BUSL. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com> Co-Authored-By: Artem Chernyshev <artem.chernyshev@talos-systems.com> Co-Authored-By: Utku Ozdemir <utku.ozdemir@siderolabs.com> Co-Authored-By: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com> Co-Authored-By: Philipp Sauter <philipp.sauter@siderolabs.com> Co-Authored-By: Noel Georgi <git@frezbo.dev> Co-Authored-By: evgeniybryzh <evgeniybryzh@gmail.com> Co-Authored-By: Tim Jones <tim.jones@siderolabs.com> Co-Authored-By: Andrew Rynhard <andrew@rynhard.io> Co-Authored-By: Spencer Smith <spencer.smith@talos-systems.com> Co-Authored-By: Christian Rolland <christian.rolland@siderolabs.com> Co-Authored-By: Gerard de Leeuw <gdeleeuw@leeuwit.nl> Co-Authored-By: Steve Francis <67986293+steverfrancis@users.noreply.github.com> Co-Authored-By: Volodymyr Mazurets <volodymyrmazureets@gmail.com>
83 lines
1.9 KiB
YAML
83 lines
1.9 KiB
YAML
metadata:
|
|
namespace: default
|
|
type: AccessPolicies.omni.sidero.dev
|
|
id: access-policy
|
|
spec:
|
|
usergroups:
|
|
user-group-1:
|
|
users:
|
|
- name: user-group-1-user-1
|
|
- name: user-group-1-user-2
|
|
user-group-2:
|
|
users:
|
|
- name: user-group-2-user-1
|
|
- name: user-group-2-user-2
|
|
- name: user-group-2-user-3
|
|
clustergroups:
|
|
cluster-group-1:
|
|
clusters:
|
|
- name: cluster-group-1-cluster-1
|
|
- name: cluster-group-1-cluster-2
|
|
cluster-group-2:
|
|
clusters:
|
|
- name: cluster-group-2-cluster-1
|
|
- name: cluster-group-2-cluster-2
|
|
- name: cluster-group-2-cluster-3
|
|
rules:
|
|
- users:
|
|
- group/user-group-1
|
|
- standalone-user-1
|
|
clusters:
|
|
- group/cluster-group-1
|
|
- standalone-cluster-1
|
|
kubernetes:
|
|
impersonate:
|
|
groups:
|
|
- k8s-group-1
|
|
- k8s-group-2
|
|
- users:
|
|
- group/user-group-2
|
|
- standalone-user-2
|
|
clusters:
|
|
- group/cluster-group-2
|
|
- standalone-cluster-2
|
|
role: Operator
|
|
kubernetes:
|
|
impersonate:
|
|
groups:
|
|
- k8s-group-3
|
|
- k8s-group-4
|
|
tests:
|
|
- name: test-1
|
|
user:
|
|
name: user-group-1-user-1
|
|
cluster:
|
|
name: cluster-group-1-cluster-1
|
|
expected:
|
|
kubernetes:
|
|
impersonate:
|
|
groups:
|
|
- k8s-group-1
|
|
- k8s-group-2
|
|
- name: test-2
|
|
user:
|
|
name: standalone-user-2
|
|
cluster:
|
|
name: standalone-cluster-2
|
|
expected:
|
|
role: Operator
|
|
kubernetes:
|
|
impersonate:
|
|
groups:
|
|
- k8s-group-3
|
|
- k8s-group-4
|
|
- name: test-3
|
|
user:
|
|
name: user-group-1-user-1
|
|
cluster:
|
|
name: cluster-group-2-cluster-2
|
|
expected:
|
|
kubernetes:
|
|
impersonate:
|
|
groups: []
|