[Feature Request] Expiring and Postponed RBACDefinitions #204

@terrykong

Hi team,

This is a really awesome tool and it's helped us reduce a lot of repeated binding specs.

I was wondering if it would be possible to add a way to specify how long an RBACDefinition is valid, and additionally, a "start date" to specify when the RBACDefinition will become valid. For example, it would be nice if we could do the following (extending the example on the README):

apiVersion: rbacmanager.reactiveops.io/v1beta1
kind: RBACDefinition
metadata:
  name: dev-access
rbacBindings:
  - name: dev-team
    subjects:
      - kind: Group
        name: dev-team
    roleBindings:
      - clusterRole: edit
        namespaceSelector:
          matchLabels:
            team: dev
    # If startTime is omitted, then it is valid immediately
    startTime: "2020-09-15T00:17:10Z"
    # If endTime is omitted, then it is valid indefinitely
    endTime: "2021-09-15T00:17:10Z"

Some use cases I had in mind were:

  1. Sometimes I want to give temporary access, and for that I could use some kind of endTime field.
  2. Perhaps I have a new employee that I know will need permissions at some point; I could specify a startTime so that I could apply the RBACDefinition now, but its effect won't take place until later. Another example here is: I have an intern for whom I know the exact time they start and end, so I could set up their roles to have a start and expiry date.
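
One way a controller could evaluate the window requested above, as an added example (not part of the original post and not rbac-manager code): `Window`, `Evaluate` and the state names are hypothetical, and it assumes RFC 3339 timestamps, an exclusive `endTime`, and that a malformed or inverted window grants nothing. It also returns the next transition time, which a reconciler would need in order to requeue and revoke access on expiry.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Window mirrors the startTime/endTime fields proposed in the issue.
// Hypothetical: these fields are not part of rbac-manager's API.
type Window struct{ StartTime, EndTime string } // RFC 3339; "" = omitted

const (
	Pending = "Pending" // not yet valid: bindings must not exist
	Active  = "Active"  // valid: bindings should exist
	Expired = "Expired" // past endTime or invalid: bindings must be removed
)

func parse(s string) (time.Time, error) {
	if s == "" {
		return time.Time{}, nil // omitted bound stays the zero time
	}
	return time.Parse(time.RFC3339, s)
}

// Evaluate returns the state at now and the time of the next state change
// (zero if there is none). Invalid input fails closed as Expired.
func Evaluate(w Window, now time.Time) (string, time.Time, error) {
	start, err1 := parse(w.StartTime)
	end, err2 := parse(w.EndTime)
	if err1 != nil || err2 != nil {
		return Expired, time.Time{}, errors.New("startTime/endTime must be RFC 3339")
	}
	if !start.IsZero() && !end.IsZero() && !end.After(start) {
		return Expired, time.Time{}, errors.New("endTime must be after startTime")
	}
	switch {
	case !start.IsZero() && now.Before(start):
		return Pending, start, nil
	case !end.IsZero() && !now.Before(end):
		return Expired, time.Time{}, nil
	}
	return Active, end, nil
}

func main() {
	w := Window{StartTime: "2020-09-15T00:17:10Z", EndTime: "2021-09-15T00:17:10Z"}
	fmt.Println(Evaluate(w, time.Now().UTC()))
}
```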

sudermanjr (Member) commented on Feb 19, 2021
This would be a really cool feature. I feel like it might be a significant change, but a very very cool feature.

stale commented on Apr 13, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Added label "priority: could" (Future work depending on bandwidth and availability) and removed label "stale" (Marked as stale by stalebot) on Oct 27, 2021
[Feature Request] Expiring and Postponed RBACDefinitions · Issue #204 · FairwindsOps/rbac-manager