Open
Description
Hi team,
thank you for this very nice operator.
It would be very handy if namespaces could be matched not only by their exact name, but also by a pattern.
Currently we use an external script to find matching namespaces per user and then create the RBACDefinition and apply it to the cluster.
Unfortunately this creates quite some delay between a newly created namespace and the corresponding team members getting access to it.
Unfortunately we cannot use labels on namespaces since in our setups it's not possible to add labels or annotations to the namespaces themselves.
Example of how this could look:
```yaml
apiVersion: rbacmanager.reactiveops.io/v1beta1
kind: RBACDefinition
metadata:
  name: rbac-manager-users-example
rbacBindings:
  - name: web-developers
    subjects:
      - kind: User
        name: [email protected]
      - kind: User
        name: [email protected]
    roleBindings:
      - clusterRole: edit
        namespaceRegex: ".*-project-xy-.*"
```
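
The matching that the proposed `namespaceRegex` field implies, as an added example that is not part of the original issue or of rbac-manager's code: it compares whole-name matching against substring matching, because a substring match can bind `edit` in namespaces the pattern's author did not intend. `matchNamespaces`, `substringMatches` and the namespace names are hypothetical, and whole-name matching is an assumed semantics the issue does not specify.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed namespace names, for illustration only.
var sampleNamespaces = []string{
	"team-a-project-xy-dev", "team-b-project-xy-prod",
	"project-xy-dev", "dev-web", "prod-dev-db", "kube-system",
}

// matchNamespaces returns the namespaces whose entire name matches pattern.
// Whole-name matching is an assumption; the issue does not define it.
func matchNamespaces(pattern string, namespaces []string) ([]string, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, fmt.Errorf("invalid namespaceRegex %q: %w", pattern, err)
	}
	re.Longest() // leftmost-longest, so a whole-name match is found if one exists
	var out []string
	for _, ns := range namespaces {
		loc := re.FindStringIndex(ns)
		if loc != nil && loc[0] == 0 && loc[1] == len(ns) {
			out = append(out, ns)
		}
	}
	return out, nil
}

// substringMatches shows what a plain MatchString would select instead.
func substringMatches(pattern string, namespaces []string) []string {
	re := regexp.MustCompile(pattern)
	var out []string
	for _, ns := range namespaces {
		if re.MatchString(ns) {
			out = append(out, ns)
		}
	}
	return out
}

func main() {
	for _, p := range []string{".*-project-xy-.*", "dev-.*"} {
		whole, err := matchNamespaces(p, sampleNamespaces)
		fmt.Println(p, whole, substringMatches(p, sampleNamespaces), err)
	}
}
```

With the pattern from the issue both modes select the same two namespaces because it already starts and ends with `.*`; with `dev-.*` the substring mode also selects `prod-dev-db`.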