Update k8s/core/argocd/values.yaml

k8s/core/argocd/values.yaml

@@ -32,22 +32,19 @@ configs:
     create: true
     policy.default: ""
     policy.csv: |
-      # Policies for "Minecraft Manager" group
+      # Bound OIDC Group and internal role
-      # Access to minecraft application in argocd project - view, edit, sync
+      g, Game Servers Managers, GameServersManagersRole
-      p, Minecraft Manager, applications, get, argocd/minecraft, allow
+      # Role permissions
-      p, Minecraft Manager, applications, update, argocd/minecraft, allow
+      p, GameServersManagersRole, applications, get, games/*, allow
-      p, Minecraft Manager, applications, sync, argocd/minecraft, allow
+      p, GameServersManagersRole, applications, update, games/*, allow
-      
+      p, GameServersManagersRole, applications, sync, games/*, allow
-      # Access to actions on minecraft application resources (including restart)
+      p, GameServersManagersRole, applications, override, games/*, allow
-      p, Minecraft Manager, applications, action/*, argocd/minecraft, allow
+      p, GameServersManagersRole, applications, action/*, games/*, allow
-      
+      p, GameServersManagersRole, exec, create, games/*, allow
-      # Access to minecraft application logs
+      p, GameServersManagersRole, logs, get, games/*, allow
-      p, Minecraft Manager, logs, get, argocd/minecraft, allow
+      p, GameServersManagersRole, applications, delete, games/*, deny
-      
-      # Bind group to minecraft role
-      g, Minecraft Manager, role:minecraft
-      
 
+      # Admin policy
       g, ArgoCD Admins, role:admin
 
   secret: