{"id":20155272,"url":"https://github.com/redhat-cop/dynamic-rbac-operator","last_synced_at":"2025-04-09T22:02:57.996Z","repository":{"id":52476448,"uuid":"302680701","full_name":"redhat-cop/dynamic-rbac-operator","owner":"redhat-cop","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-06T08:47:15.000Z","size":88,"stargazers_count":22,"open_issues_count":13,"forks_count":4,"subscribers_count":16,"default_branch":"main","last_synced_at":"2025-04-09T22:02:34.443Z","etag":null,"topics":["container-cop","k8s-operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/redhat-cop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-10-09T15:24:48.000Z","updated_at":"2024-11-15T09:14:37.000Z","dependencies_parsed_at":"2023-12-06T03:27:09.612Z","dependency_job_id":"ed5d4248-a704-4216-9d12-f4bc470c14cc","html_url":"https://github.com/redhat-cop/dynamic-rbac-operator","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fdynamic-rbac-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fdynamic-rbac-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fdynamic-rbac-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fdynamic-rbac-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/
v1/hosts/GitHub/owners/redhat-cop","download_url":"https://codeload.github.com/redhat-cop/dynamic-rbac-operator/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248119296,"owners_count":21050755,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container-cop","k8s-operator"],"created_at":"2024-11-13T23:31:12.886Z","updated_at":"2025-04-09T22:02:57.969Z","avatar_url":"https://github.com/redhat-cop.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cbr /\u003e\n\u003cp align=\"center\"\u003e\n\n  \u003ch3 align=\"center\"\u003eDynamic RBAC Operator\u003c/h3\u003e\n\n  \u003cp align=\"center\"\u003e\n    Flexible definitions of Kubernetes RBAC rules\n  \u003c/p\u003e\n\u003c/p\u003e\n\n\u003c!-- TABLE OF CONTENTS --\u003e\n\n## Table of Contents\n\n- [About the Project](#about-the-project)\n  - [Built With](#built-with)\n- [Getting Started](#getting-started)\n  - [Installation](#installation)\n- [Usage](#usage)\n- [Roadmap](#roadmap)\n- [Contributing](#contributing)\n- [License](#license)\n- [Contact](#contact)\n\n\u003c!-- ABOUT THE PROJECT --\u003e\n\n## About The Project\n\nWriting Kubernetes RBAC definitions by hand can be a pain. 
This operator allows you to define \"Dynamic\" RBAC rules that change based on the state of your cluster, so you can spend your time writing the RBAC _patterns_ that you'd like to deploy, rather than traditional, fully enumerated RBAC rules.\n\n### Built With\n\n- [Operator-SDK](https://github.com/operator-framework/operator-sdk)\n\n\u003c!-- GETTING STARTED --\u003e\n\n## Getting Started\n\n### Installation\n\nThis operator can be installed with Kustomize:\n\n`kustomize build config/default | oc apply -f -`\n\n\u003c!-- USAGE EXAMPLES --\u003e\n\n## Usage\n\nOnce the operator is installed, you can begin using `DynamicRole` and `DynamicClusterRole` resources within your cluster.\n\nFor example, the following `DynamicClusterRole` inherits all rules from `cluster-admin`, except the `user.openshift.io` group, and _only_ allows access to `pods` in the `metrics.k8s.io` group:\n\n```yaml\napiVersion: rbac.redhatcop.redhat.io/v1alpha1\nkind: DynamicClusterRole\nmetadata:\n  name: admin-without-users\nspec:\n  inherit:\n    - name: cluster-admin\n      kind: ClusterRole\n  deny:\n    - apiGroups:\n        - \"user.openshift.io\"\n      resources:\n        - \"*\"\n      verbs:\n        - \"*\"\n    - apiGroups:\n        - \"metrics.k8s.io\"\n      resources:\n        - \"*\"\n      verbs:\n        - \"*\"\n  allow:\n    - apiGroups:\n        - \"metrics.k8s.io\"\n      resources:\n        - \"pods\"\n      verbs:\n        - \"*\"\n```\n\nThis will cause the operator to use the cluster's resource discovery API to enumerate all of the individual permissions of the `cluster-admin` user, and then remove access to `user.openshift.io/users` resources.\n\nYou can then create a `RoleBinding` or `ClusterRoleBinding` to `admin-without-users` (as a `ClusterRole`) as normal, and permissions will work as expected!\n\n\u003c!-- ROADMAP --\u003e\n\n## Roadmap\n\nSee the [open issues](https://github.com/redhat-cop/dynamic-rbac-operator/issues) for a list of proposed features.\n\n\u003c!-- 
CONTRIBUTING --\u003e\n\n## Contributing\n\nContributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.\n\n1. Fork the Project\n2. Create your Feature Branch (`git checkout -b feature/AmazingFeature`)\n3. Commit your Changes (`git commit -m 'Add some AmazingFeature'`)\n4. Push to the Branch (`git push origin feature/AmazingFeature`)\n5. Open a Pull Request\n\n\u003c!-- LICENSE --\u003e\n\n## License\n\nDistributed under the Apache License 2.0. See `LICENSE` for more information.\n\n\u003c!-- CONTACT --\u003e\n\n## Contact\n\nProject Link: [https://github.com/redhat-cop/dynamic-rbac-operator](https://github.com/redhat-cop/dynamic-rbac-operator)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-cop%2Fdynamic-rbac-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredhat-cop%2Fdynamic-rbac-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-cop%2Fdynamic-rbac-operator/lists"}