DEV-796: doing argocd RBAC stuff

3 years ago · 43de72cab4
parent 5794da087d
commit 43de72cab4
2 changed files with 25 additions and 3 deletions
--- a/clusterspecifics/appprojects/mobene.yaml
+++ b/clusterspecifics/appprojects/mobene.yaml
@ -34,3 +34,28 @@ spec:
    server: https://kubernetes.default.svc
  - namespace: mobene-keycloak
    server: https://kubernetes.default.svc
+
+  roles:
+    - description: Group to developers to deploy on DEV environment
+      groups:
+        - mobenedevs
+      name: mobene-devs
+      policies:
+        - >-
+          p, proj:mobene:mobenedevs, applications, get,
+          mobene/*, allow
+        - >-
+          p, proj:mobene:mobenedevs, applications, create,
+          mobene/*, deny
+        - >-
+          p, proj:mobene:mobenedevs, applications, update,
+          mobene/*, deny
+        - >-
+          p, proj:mobene:mobenedevs, applications, delete,
+          mobene/*, deny
+        - >-
+          p, proj:mobene:mobenedevs, applications, sync,
+          mobene/*, allow
+        - >-
+          p, proj:mobene:mobenedevs, applications, override,
+          mobene/*, deny
--- a/values.yaml
+++ b/values.yaml
@ -18,9 +18,6 @@ bootstrap:
      rbacConfig:
        policy.default: role:readonly
        policy.csv: |
-          p, role:mobene-devs, projects, get, mobene, allow
-          p, role:mobene-devs, applications, sync, mobene/*, allow
-          p, role:mobene-devs, logs, get, mobene/*, allow
          g, admin, role:admin
          g, argocd-admins, role:admin
          g, mobenedevs, role:mobene-devs