Integration with GCP IAM #583

Closed
pramodsetlur opened this issue Jun 7, 2022 · 0 comments · Fixed by #593

Describe the feature

Integrate Capsule with GKE and GCP IAM.

What would the new user story look like?

The ability to create a tenant with IAM users/groups in GCP would be helpful.

E.g.:

apiVersion: capsule.clastix.io/v1beta1
kind: Tenant
metadata:
  annotations:
    clusterrolenames.capsule.clastix.io/user.pramod.setlur@emailaddress.com: editor,manager
  name: test-tenant
spec:
  owners:
    - kind: User
      name: pramod.setlur@emailaddress.com

Applying the above results in:

The Tenant "test-tenant" is invalid: metadata.annotations: Invalid value: "clusterrolenames.capsule.clastix.io/user.pramod.setlur@emailaddress.com": name part must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]')

A user like pramod.setlur@emailaddress.com or a group like our-company-group@company.com can be used in giving the group/user Viewer access at the GCP project level but in turn have Capsule scope the permissions at the namespace level using Tenants.

Expected behavior

Ability to create a Capsule Tenant attached to the GCP IAM users/groups would allow an organization like ours to use existing GCP IAM and bind it with Tenants.

@pramodsetlur pramodsetlur added the blocked-needs-validation Issue need triage and validation label Jun 7, 2022
@prometherion prometherion added this to the v0.1.2 milestone Jun 8, 2022
@prometherion prometherion added bug Something isn't working and removed blocked-needs-validation Issue need triage and validation labels Jun 8, 2022
@prometherion prometherion self-assigned this Jun 19, 2022
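
The rejection quoted in the issue comes from the Kubernetes annotation-key rule, which the following added example reproduces as a pre-flight check for owner names (it is not code from Capsule or from the issue author). `ownerAnnotationKey` and `checkAnnotationKey` are hypothetical helpers; the key layout is taken from the manifest above, and only the name-part regex from the error message plus the 63-character name limit are checked, not the prefix.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Name-part regex quoted in the API server error above, anchored to the whole string.
var nameRe = regexp.MustCompile(`^([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$`)

// Any character outside the set that regex allows.
var badRe = regexp.MustCompile(`[^-A-Za-z0-9_.]`)

const maxNameLen = 63 // Kubernetes limit for the name part of a qualified name

// ownerAnnotationKey is a hypothetical helper: it builds the key the way the
// Tenant manifest on this page does ("<prefix>/<kind>.<owner name>").
func ownerAnnotationKey(kind, owner string) string {
	return "clusterrolenames.capsule.clastix.io/" + strings.ToLower(kind) + "." + owner
}

// checkAnnotationKey validates only the name part (after the optional "prefix/");
// the DNS-subdomain rules for the prefix are not checked here.
func checkAnnotationKey(key string) error {
	if strings.Count(key, "/") > 1 {
		return fmt.Errorf("%q: more than one '/'", key)
	}
	name := key[strings.LastIndex(key, "/")+1:]
	bad := strings.Join(badRe.FindAllString(name, -1), "")
	switch {
	case name == "":
		return fmt.Errorf("%q: empty name part", key)
	case len(name) > maxNameLen:
		return fmt.Errorf("%q: name part is %d characters, limit is %d", key, len(name), maxNameLen)
	case bad != "":
		return fmt.Errorf("%q: name part contains %q", key, bad)
	case !nameRe.MatchString(name):
		return fmt.Errorf("%q: name part must start and end with an alphanumeric", key)
	}
	return nil
}

func main() {
	// Constructed sample owner names; the first is the one from the issue.
	for _, o := range []string{"pramod.setlur@emailaddress.com", "alice", "team-a."} {
		fmt.Printf("%-32s %v\n", o, checkAnnotationKey(ownerAnnotationKey("User", o)))
	}
}
```

Identity-provider names such as e-mail addresses fail this check on the `@` alone, so any scheme that embeds the owner name in an annotation key cannot represent them.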