-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support wildcards in additionalrolebindings section of Tenant specification #863
Comments
Thanks for the feature proposal. Unfortunately, this is not feasible since Kubernetes itself doesn't support RBAC. Furthermore, a wildcard introduces potential issues from a security standpoint. If you can elaborate a bit more your use-case as well as your struggles, by adding a detailed user-story, we can definitely try to understand if it can potentially fit into the Capsule area. |
@prometherion One Use-Case which is interesting, would be allowing to have wildcards in respected userGroups in the capsuleConfiguration. But we should probably stick to the native xperience. |
That was the Capsule aim from day one: with all due respect to the feature request, which are always welcome, it seems to me a workaround to a different problem that should be addressed in a different scope. |
Describe the feature
additionalrolebindings section of Tenant specification needs an exact user. It does not support wildcard for user.
What would the new user story look like?
Support wildcards in additionalrolebindings section of Tenant specification
How would the new interaction with Capsule look like? E.g.
We are using Capsule on EKS. While defining tenant, we would like to assign additional roles to a group of users which can be achieved by wildcard instead of listing all of them in the specification.
Existing specification
spec:
owners:
kind: User
additionalRoleBindings:
subjects:
kind: User
name: EKS-User:<<aws_account_id>>:user_1
Feel free to add a diagram if that helps explain things.
Expected behavior
Support wildcards in the users section of additionalrolebindings to support large team.
spec:
owners:
kind: User
additionalRoleBindings:
subjects:
kind: User
name: EKS-User:<<aws_account_id>>:user_* (wildcard)
The text was updated successfully, but these errors were encountered: