rbac-manager icon indicating copy to clipboard operation
rbac-manager copied to clipboard

Published 20 hours ago verified publisher icon FairwindsOps

[Feature Request] Matching namespaces with regular expressions

Open jmueller42 opened this issue 2 years ago • 2 comments

Hi team,

thank you for this very nice operator.

It would be very handy if namespaces could not only be matched by their exact name, but instead by a pattern. Currently we use an external script to find matching namespaces per user and then create the RBACDefinition and apply it to the cluster. Unfortunately this creates quite some delay between a newly created namespace and the corresponding team members getting access to it. Unfortunately we cannot use labels on namespaces since in our setups it's not possible to add labels or annotations to the namespaces themselves.

Example how this could look like:

apiVersion: rbacmanager.reactiveops.io/v1beta1
kind: RBACDefinition
metadata:
  name: rbac-manager-users-example
rbacBindings:
  - name: web-developers
    subjects:
      - kind: User
        name: [email protected]
      - kind: User
        name: [email protected]
    roleBindings:
      - clusterRole: edit
        namespaceRegex: ".*-project-xy-.*"

jmueller42 avatar Nov 16 '22 15:11 jmueller42

Seems like a great idea, thanks for the request!

sudermanjr avatar Nov 16 '22 15:11 sudermanjr

Is this been implemented? Any updates?

ana-ghirghilijiu-sage avatar Jun 04 '24 18:06 ana-ghirghilijiu-sage