{"id":28378049,"url":"https://github.com/robusta-dev/rbac-builder","last_synced_at":"2025-08-21T17:27:44.935Z","repository":{"id":242481136,"uuid":"806689182","full_name":"robusta-dev/rbac-builder","owner":"robusta-dev","description":null,"archived":false,"fork":false,"pushed_at":"2024-06-03T07:59:14.000Z","size":15,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-06-22T03:52:45.949Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robusta-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-27T17:31:38.000Z","updated_at":"2024-06-03T07:59:17.000Z","dependencies_parsed_at":"2024-06-03T09:53:43.018Z","dependency_job_id":"7b00bbf7-1b0f-4c3a-87f7-4c784023f0dc","html_url":"https://github.com/robusta-dev/rbac-builder","commit_stats":null,"previous_names":["robusta-dev/rbac-builder"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/robusta-dev/rbac-builder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robusta-dev%2Frbac-builder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robusta-dev%2Frbac-builder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robusta-dev%2Frbac-builder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robusta-dev%2Frbac-builder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robusta-dev","download_url":"https://codeload.github.com/robusta-dev/rbac-builder/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robusta-dev%2Frbac-builder/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262145201,"owners_count":23265892,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-30T01:35:30.333Z","updated_at":"2025-06-26T21:32:38.877Z","avatar_url":"https://github.com/robusta-dev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Overview\nThe rbac-builder reads a configuration yaml, and convert it to Robusta's RBAC rules.\nIn it, you should specify the `account_id`, `scopes` and `groups`\n\nEach execution, the `rbac-builder` will delete all the existing `scopes` and `groups` for the account, \nand will create new ones, according to the provided configuration\n\nThis is a configuration example: (the file can be found under `config/definitions.yaml`\n)\n```angular2html\naccount_id: 6c2cbf41-c7b5-48ab-9777-76d320b985d4  # UUID\nscopes:\n  - name: scope-1\n    type: namespace\n    clusters:\n      cl1: [\"*\"]\n      cl2: [\"default\", \"kube-system\"]\n  - name: scope-2\n    type: cluster\n    clusters:\n      cl3: [\"*\"]\n      cl4: [\"*\"]\ngroups:\n  - name: dev-us-xyz\n    provider_group_id: ea50b713-93c0-45d3-a87d-de253c06db0a  # UUID\n    type: namespace\n    permissions: [\"POD_LOGS\", \"METRICS_VIEW\", \"JOB_DELETE\"]\n    scopes: [\"scope-1\"]\n  - name: dev-eu-ttt\n    provider_group_id: 233bd8f0-60a7-4cbc-b151-b109c3308b07  # UUID\n    type: cluster\n    permissions: [\"CLUSTER_DELETE\", \"POPEYE_SCAN\"]\n    scopes: [\"scope-1\", \"scope-2\"]\n```\n\n# Configuration\n\nTo run this, you'll need to provide environment variable, with DB accesss parameters\nUse the same credentials as the `plaform-relay` service\n\n```angular2html\nSTORE_API_KEY=eyJ...\nSTORE_PASSWORD=e...\nSTORE_URL=https://...\nSTORE_USER=apiuser-stgrobustarelay@robusta.dev\n```\n\nIf you're using self-signed certificates, add it using the `CERTIFICATE` (the same way it's added to the `platform-relay` service) \n\n# How To Use\n\n`Scopes`\nEach scope has a `type` field that must be `cluster` or `namespace`\n\n`cluster` scope, means the scope is on the *entire* cluster (all namespaces)\nEach cluster scope should be in the format of: `cluster-name: [\"*\"]`\n\n`namespace` scope, means the scope can be on a set of namespaces, within a cluster\nThe format of namespaces scope is: `cluster-name: [\"ns1\", \"ns2\"]`\nYou can also define a `namespace` scope on all cluster namespaces: `cluster-name: [\"*\"]`\n\n\n`Groups`\nEach group has a `type` field that must be `cluster` or `namespace`\n\n`cluster` groups, can only be applied on scopes with `type` \"cluster\"\n`namespace` groups, can only be applied on all scopes\n\n\nEvery group has a set of `permissions`. These are the actual actions the user will be allowed to do.\n\nThere are default `permissions`, which are given by default to every group.\n\nFor `namespace` groups, the default permissions are: `APP_VIEW, JOB_VIEW, TIMELINE_VIEW`\nFor `cluster` groups, the default permissions are: `APP_VIEW, JOB_VIEW, TIMELINE_VIEW, NODE_VIEW, CLUSTER_VIEW`\n\n`namespace` groups can be assigned to one of the following permissions (on top of the default permissions):\n`APP_RESTART, JOB_DELETE, POD_LOGS, POD_DELETE, KRR_VIEW, POPEYE_VIEW, METRICS_VIEW`\n\n`cluster` groups can be assigned to one of the following permissions (on top of the default permissions):\n`APP_RESTART, JOB_DELETE, POD_LOGS, POD_DELETE, METRICS_VIEW, NODE_DRAIN, NODE_CORDON, NODE_UNCORDON, CLUSTER_DELETE, KRR_SCAN, KRR_VIEW, POPEYE_VIEW, POPEYE_SCAN, ALERT_CONFIG_EDIT, ALERT_CONFIG_VIEW, SILENCES_VIEW, SILENCES_EDIT`\n\n# Deployment\nTBD\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobusta-dev%2Frbac-builder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobusta-dev%2Frbac-builder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobusta-dev%2Frbac-builder/lists"}