From b9e1b73681e27b8d8f830089b1cba0825140259a Mon Sep 17 00:00:00 2001
From: ab
Date: Wed, 16 Jul 2025 14:05:57 +0000
Subject: [PATCH] Update k8s/core/argocd/values.yaml
---
 k8s/core/argocd/values.yaml | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/k8s/core/argocd/values.yaml b/k8s/core/argocd/values.yaml
index 734efd9..8fc7cf7 100644
--- a/k8s/core/argocd/values.yaml
+++ b/k8s/core/argocd/values.yaml
@@ -32,18 +32,22 @@ configs:
 create: true
 policy.default: ""
 policy.csv: |
- p, minecraft_manager, applications, get, */minecraft, allow
- p, minecraft_manager, applications, update, */minecraft, allow
- p, minecraft_manager, applications, sync, */minecraft, allow
- p, minecraft_manager, applications, action/*, */minecraft, allow
- p, minecraft_manager, logs, get, */minecraft, allow
- p, minecraft_manager, applications, *, *, deny
- p, minecraft_manager, applications, get, */minecraft, allow
- p, minecraft_manager, applications, update, */minecraft, allow
- p, minecraft_manager, applications, sync, */minecraft, allow
- p, minecraft_manager, applications, action/*, */minecraft, allow
- p, minecraft_manager, logs, get, */minecraft, allow
- g, Minecraft Manager, role:minecraft-manager
+ # Policies for "Minecraft Manager" group
+ # Access to minecraft application in argocd project - view, edit, sync
+ p, Minecraft Manager, applications, get, argocd/minecraft, allow
+ p, Minecraft Manager, applications, update, argocd/minecraft, allow
+ p, Minecraft Manager, applications, sync, argocd/minecraft, allow
+
+ # Access to actions on minecraft application resources (including restart)
+ p, Minecraft Manager, applications, action/*, argocd/minecraft, allow
+
+ # Access to minecraft application logs
+ p, Minecraft Manager, logs, get, argocd/minecraft, allow
+
+ # Bind group to minecraft role
+ g, Minecraft Manager, role:minecraft
+
+ g, ArgoCD Admins, role:admin secret:
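Review bot: The new `g, Minecraft Manager, role:minecraft` line binds the group to a role that has no `p` rules anywhere in this hunk, while every permission is attached to the group name directly, so the binding either does nothing or silently inherits whatever `role:minecraft` is granted elsewhere in the file or later. Attaching the rules to the role keeps a single place to audit, e.g. `p, role:minecraft, applications, get, argocd/minecraft, allow` for each of the five `p` lines, leaving the `g` line as the only mention of the group. `action/*` also allows every resource action on the application; if restart is the only one needed, it could be narrowed to the `action/<group>/<kind>/restart` form. The object changed from `*/minecraft` to `argocd/minecraft`, which Argo CD reads as `<project>/<application>`, so it is worth confirming that `argocd` is the AppProject name rather than the namespace; the rest of `policy.csv` is outside the hunk.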