---
# Kyverno ClusterPolicy: when a Namespace is created with a non-empty
# "airm.silogen.ai/project-id" label, generate a RoleBinding in that
# namespace that binds ClusterRole "airm-project-member" to the Group
# "oidc<namespace name>".
#
# NOTE(review): the rule checks only that the label is present and non-empty.
# It does not look at who sent the request or at the label's value. Confirm
# that creating namespaces with this label is restricted elsewhere (RBAC or
# a validate policy), since each matching namespace results in a binding.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: airm-project-namespace-rolebinding
spec:
  # Background scanning is disabled for this policy.
  background: false
  rules:
    - generate:
        apiVersion: rbac.authorization.k8s.io/v1
        data:
          # A ClusterRole referenced from a RoleBinding grants its permissions
          # only inside the RoleBinding's namespace.
          roleRef:
            apiGroup: rbac.authorization.k8s.io
            kind: ClusterRole
            name: airm-project-member
          subjects:
            - apiGroup: rbac.authorization.k8s.io
              kind: Group
              # Literal "oidc" followed directly by the namespace name, with
              # no separator. The group comes from the namespace name, not
              # from the project-id label value.
              # NOTE(review): presumably "oidc" matches the group prefix
              # configured for OIDC authentication - confirm.
              name: oidc{{request.object.metadata.name}}
        kind: RoleBinding
        name: '{{request.object.metadata.name}}-member-role-binding'
        # The binding is created inside the namespace that was just created.
        namespace: '{{request.object.metadata.name}}'
        # Kyverno keeps the generated RoleBinding in sync with this
        # definition, so manual changes to it are reverted.
        synchronize: true
      match:
        any:
          - resources:
              kinds:
                - Namespace
              # CREATE only: a label added to an existing namespace later
              # does not trigger this rule.
              operations:
                - CREATE
      name: generate-project-namespace-rolebinding
      preconditions:
        any:
          # "|| ''" substitutes an empty string when the label is absent, so
          # the rule fires only for namespaces whose project-id label is
          # present and non-empty.
          - key: '{{request.object.metadata.labels."airm.silogen.ai/project-id" || '''' }}'
            operator: NotEquals
            value: ""