From f775d01ec42a511f7e6990ffeaf0dce725a5ef03 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 15 Feb 2024 20:51:05 +0100 Subject: [PATCH] fix: generate petimeter-acl via kustomization --- applications/petimeter.yaml | 3 + charts/petimeter/base/deployment_patch.yaml | 2 +- charts/petimeter/manifests/acl.json | 220 +++++++++++++++++ charts/petimeter/manifests/acl.yaml | 226 ------------------ charts/petimeter/manifests/kustomization.yaml | 6 + 5 files changed, 230 insertions(+), 227 deletions(-) create mode 100644 charts/petimeter/manifests/acl.json delete mode 100644 charts/petimeter/manifests/acl.yaml create mode 100644 charts/petimeter/manifests/kustomization.yaml diff --git a/applications/petimeter.yaml b/applications/petimeter.yaml index c54ceb11..b72528e9 100644 --- a/applications/petimeter.yaml +++ b/applications/petimeter.yaml @@ -37,6 +37,9 @@ spec: string: '{{ .env }}' - name: hostname string: '{{ .hostname }}' + - repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: dev + path: charts/petimeter/manifests templatePatch: | {{- if .autoSync }} spec: diff --git a/charts/petimeter/base/deployment_patch.yaml b/charts/petimeter/base/deployment_patch.yaml index 20ecb37f..474e1c54 100644 --- a/charts/petimeter/base/deployment_patch.yaml +++ b/charts/petimeter/base/deployment_patch.yaml @@ -16,4 +16,4 @@ value: name: acl configMap: - name: prod-petimeter-acl + name: petimeter-acl diff --git a/charts/petimeter/manifests/acl.json b/charts/petimeter/manifests/acl.json new file mode 100644 index 00000000..d77d1ce8 --- /dev/null +++ b/charts/petimeter/manifests/acl.json @@ -0,0 +1,220 @@ +[ + { + "domain": "oceanbox.io", + "access": [ + { + "matching": ".*@oceanbox.io", + "group": "/oceanbox", + "roles": [ "admin" ], + "capabilities": [ + "run:*" + ] + } + ] + }, + { + "domain": "salmar.no", + "access": [ + { + "matching": ".*@salmar.no", + "group": "/salmar", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "leroy.no", + "access": [ + { + "matching": "karstein@leroy.no", + "group": "/oceanbox", + "roles": [ "admin" ], + "capabilities": [ "run:*" ] + }, + { + "matching": ".*@leroy.no", + "group": "/leroy", + "roles": [ "user" ], + "capabilities": [] + } + ] + }, + { + "domain": "serit.no", + "access": [ + { + "matching": ".*@tromso.serit.no", + "group": "/oceanbox", + "roles": [ "admin" ], + "capabilities": [] + } + ] + }, + { + "domain": "aqua-kompetanse.no", + "access": [ + { + "matching": ".*@aqua-kompetanse.no", + "group": "/aqua-kompetanse", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "kelpinor.no", + "access": [ + { + "matching": ".*@kelpinor.no", + "group": "/kelpinor", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "bkmanimalhealth.com", + "access": [ + { + "matching": ".*@bkmanimalhealth.com", + "group": "/bkmanimalhealth", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "uio.no", + "access": [ + { + "matching": ".*@geo.uio.no", + "group": "/demo", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "nord.no", + "access": [ + { + "matching": ".*@.*.nord.no", + "group": "/uni-nord", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "argusmiljo.no", + "access": [ + { + "matching": ".*@argusmiljo.no", + "group": "/argusmiljo", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "bakkafrost.com", + "access": [ + { + "matching": ".*@bakkafrost.com", + "group": "/bakkafrost", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "multiconsult.no", + "access": [ + { + "matching": ".*@multiconsult.no", + "group": "/multiconsult", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "kpmg.no", + "access": [ + { + "matching": ".*@kpmg.no", + "group": "/kpmg", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "synfaring.no", + "access": [ + { + "matching": ".*@synfaring.no", + "group": "/synfaring", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + }, + { + "domain": "gmail.com", + "access": [ + { + "matching": "jonas.juselius@gmail.com", + "group": "/bakkafrost", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + }, + { + "matching": ".*@gmail.com", + "group": "/demo", + "roles": [ "user" ], + "capabilities": [ + "run:transport", + "run:sedimentation" + ] + } + ] + } +] diff --git a/charts/petimeter/manifests/acl.yaml b/charts/petimeter/manifests/acl.yaml deleted file mode 100644 index 6aa3d41f..00000000 --- a/charts/petimeter/manifests/acl.yaml +++ /dev/null @@ -1,226 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: petimeter-acl -data: - acl.json: |- - [ - { - "domain": "oceanbox.io", - "access": [ - { - "matching": ".*@oceanbox.io", - "group": "/oceanbox", - "roles": [ "admin" ], - "capabilities": [ - "run:*" - ] - } - ] - }, - { - "domain": "salmar.no", - "access": [ - { - "matching": ".*@salmar.no", - "group": "/salmar", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "leroy.no", - "access": [ - { - "matching": "karstein@leroy.no", - "group": "/oceanbox", - "roles": [ "admin" ], - "capabilities": [ "run:*" ] - }, - { - "matching": ".*@leroy.no", - "group": "/leroy", - "roles": [ "user" ], - "capabilities": [] - } - ] - }, - { - "domain": "serit.no", - "access": [ - { - "matching": ".*@tromso.serit.no", - "group": "/oceanbox", - "roles": [ "admin" ], - "capabilities": [] - } - ] - }, - { - "domain": "aqua-kompetanse.no", - "access": [ - { - "matching": ".*@aqua-kompetanse.no", - "group": "/aqua-kompetanse", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "kelpinor.no", - "access": [ - { - "matching": ".*@kelpinor.no", - "group": "/kelpinor", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "bkmanimalhealth.com", - "access": [ - { - "matching": ".*@bkmanimalhealth.com", - "group": "/bkmanimalhealth", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "uio.no", - "access": [ - { - "matching": ".*@geo.uio.no", - "group": "/demo", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "nord.no", - "access": [ - { - "matching": ".*@.*.nord.no", - "group": "/uni-nord", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "argusmiljo.no", - "access": [ - { - "matching": ".*@argusmiljo.no", - "group": "/argusmiljo", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "bakkafrost.com", - "access": [ - { - "matching": ".*@bakkafrost.com", - "group": "/bakkafrost", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "multiconsult.no", - "access": [ - { - "matching": ".*@multiconsult.no", - "group": "/multiconsult", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "kpmg.no", - "access": [ - { - "matching": ".*@kpmg.no", - "group": "/kpmg", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "synfaring.no", - "access": [ - { - "matching": ".*@synfaring.no", - "group": "/synfaring", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - }, - { - "domain": "gmail.com", - "access": [ - { - "matching": "jonas.juselius@gmail.com", - "group": "/bakkafrost", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - }, - { - "matching": ".*@gmail.com", - "group": "/demo", - "roles": [ "user" ], - "capabilities": [ - "run:transport", - "run:sedimentation" - ] - } - ] - } - ] diff --git a/charts/petimeter/manifests/kustomization.yaml b/charts/petimeter/manifests/kustomization.yaml new file mode 100644 index 00000000..d2655ae1 --- /dev/null +++ b/charts/petimeter/manifests/kustomization.yaml @@ -0,0 +1,6 @@ +generatorOptions: + disableNameSuffixHash: true +configmapGenerator: +- name: petimeter-acl + files: + - acl.json