
Untitled

a guest, May 20th, 2019
- !policy
  id: conjur/authn-k8s/conjur-follower
  # Subpolicy to define all things required for OpenShift Authentication

  body:
  - !webservice
    annotations:
      description: Authentication service definition for follower namespace

  - !policy   # policy definition for CA - used as part of authenticator
    id: ca
    body:
    - !variable
      id: cert
      annotations:
        description: CA Cert for OpenShift Pods

    - !variable
      id: key
      annotations:
        description: Corresponding CA key for OpenShift Pod Cert

  - !policy
    id: apps
    annotations:
      description: Apps policy - all hosts must be members for OpenShift auth

    body:
    - !layer # creating "group of applications" for ease of provisioning

    - &PetShelterAppHosts
      - !host
        id: secure-pet-shelter/*/*
        annotations:
          kubernetes/authentication-container-name: authenticator
          openshift: true

    - &Go-AppHosts
      - !host
        id: go-app/*/*
        annotations:
          kubernetes/authentication-container-name: authenticator
          openshift: true

    - !grant
      role: !layer
      members: *PetShelterAppHosts

    - !grant
      role: !layer
      members: *Go-AppHosts

  - !permit
    resource: !webservice
    privileges: [ read, authenticate ]
    role: !layer /conjur/authn-k8s/conjur-follower/apps