This repository has been archived by the owner on Jun 24, 2024. It is now read-only.

pargs refactor update (#40)
* pargs refactor update

* update

* Update pargs.yaml
marcinas authored and ZachEddy committed Jul 12, 2018
1 parent 96ce8e6 commit a3406b0
Showing 2 changed files with 47 additions and 29 deletions.
2 changes: 1 addition & 1 deletion deploy/kube.yaml
Expand Up @@ -60,7 +60,7 @@ spec:
# uncomment to add authorization to the contacts-app example. Please
# note that authz also needs to be running in order to authorize
# requests to the contacts-app
# - "-authz=pdpserver.authz:5555"
# - "-authz=themis.authz:5555"
image: infoblox/contacts-server:latest
imagePullPolicy: Always
ports:
74 changes: 46 additions & 28 deletions deploy/pargs.yaml
@@ -1,85 +1,103 @@
apiVersion: infoblox.com/v1
apiVersion: authz.infoblox.com/v1
kind: Group
metadata:
name: all-users
namespace: authz
namespace: contacts
labels:
pargset: authz
authz-namespace: authz
criteria:
type: User
type: user
---
apiVersion: infoblox.com/v1
apiVersion: authz.infoblox.com/v1
kind: Group
metadata:
name: engineers
namespace: authz
namespace: contacts
labels:
authz-namespace: authz
criteria:
type: user
department: admin
---
apiVersion: authz.infoblox.com/v1
kind: Group
metadata:
name: all-resources
namespace: contacts
labels:
pargset: authz
authz-namespace: authz
criteria:
type: User
department: Engineering
type: none
---
apiVersion: infoblox.com/v1
apiVersion: authz.infoblox.com/v1
kind: RoleAssignment
metadata:
name: contacts-all-users
namespace: contacts
labels:
pargset: authz
group: all-users
role: contacts-read-only
authz-namespace: authz
subjectgroups:
- all-users
roles:
- contacts-read-only
resourcegroups:
- all-resources
---
apiVersion: infoblox.com/v1
apiVersion: authz.infoblox.com/v1
kind: RoleAssignment
metadata:
name: contacts-admin
namespace: contacts
labels:
pargset: authz
group: engineers
role: contacts-read-write
authz-namespace: authz
subjectgroups:
- engineers
roles:
- contacts-read-write
resourcegroups:
- all-resources
---
apiVersion: infoblox.com/v1
apiVersion: authz.infoblox.com/v1
kind: Role
metadata:
name: contacts-read-only
namespace: contacts
labels:
pargset: authz
authz-namespace: authz
permissions:
- contacts-read
---
apiVersion: infoblox.com/v1
apiVersion: authz.infoblox.com/v1
kind: Role
metadata:
name: contacts-read-write
namespace: contacts
labels:
pargset: authz
authz-namespace: authz
permissions:
- contacts-read
- contacts-write
---
apiVersion: infoblox.com/v1
apiVersion: authz.infoblox.com/v1
kind: Permission
metadata:
name: contacts-read
namespace: contacts
labels:
pargset: authz
operations:
authz-namespace: authz
endpoints:
- Contacts.List
- Contacts.Get
---
apiVersion: infoblox.com/v1
apiVersion: authz.infoblox.com/v1
kind: Permission
metadata:
name: contacts-write
namespace: contacts
labels:
pargset: authz
operations:
authz-namespace: authz
endpoints:
- Contacts.Create
- Contacts.Update
- Contacts.Delete
- Contacts.SendSMS
- Contacts.SendSMS
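Review bot: In the `engineers` Group the name and the selector no longer agree: the section shows `department: admin` next to the older `department: Engineering`, and since the rendered page does not mark which side each line is on, this assumes `department: admin` is the new value. That group is the only entry under `subjectgroups` in the `contacts-admin` RoleAssignment, which grants `contacts-read-write` (Create, Update, Delete, SendSMS) over `all-resources`, so anyone auditing the policy by name will misjudge who holds write access. Either rename the group to match its selector or state the membership in place, e.g. `# engineers: users with department=admin; holds contacts-read-write via contacts-admin`. The `all-resources` group's `criteria: type: none` also deserves a one-line comment saying whether it matches every resource or nothing, because both RoleAssignments scope their grants through it.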
