projectcapsule / capsule-proxy

Reverse proxy for Capsule Operator.
https://github.com/projectcapsule/capsule
Apache License 2.0

feat: add globalproxysettings #550

Open oliverbaehler opened 1 month ago

oliverbaehler commented 1 month ago

This PR proposes a new CRD for the capsule-proxy: GlobalProxySettings. It's meant for use cases where we want to bind clusterScoped listing permissions to subjects (e.g. listing clusters). An example:

```yaml
apiVersion: capsule.clastix.io/v1beta1
kind: GlobalProxySettings
metadata:
  name: global-proxy-settings
spec:
  rules:
  - subjects:
    - kind: User
      name: alice
    clusterResources:
    - apiGroups:
      - "*"
      resources:
      - "*"
      operations:
      - List
      selector:
        matchLabels:
          app.kubernetes.io/type: dev
  - subjects:
    - kind: User
      name: alice
    clusterResources:
    - apiGroups:
      - "*"
      resources:
      - "*"
      operations:
      - List
      selector:
        matchLabels:
          app.kubernetes.io/type: meowie
```

It converts all modules to GKs to GVKs. This is a preparation to make clusterResources properties compatible with tenant selected attributes (for cluster-scoped resources).

It also adds a first e2e using Ginkgo; I'm going to add more tests in separate PRs. Creates the fundament for #257
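A review-time check for the rule shape shown in the YAML above, as an added example that is not code from this PR or from capsule-proxy. The Go types mirror only the fields visible in the example, the `nodes` rule is constructed, and how the proxy treats an entry without a selector is not stated in the PR, so the check only surfaces it for review.

```go
package main

import "fmt"

// Hypothetical types covering only the fields shown in the PR's YAML.
type Subject struct{ Kind, Name string }
type ClusterResource struct {
	APIGroups, Resources, Operations []string
	MatchLabels                      map[string]string // selector.matchLabels
}
type Rule struct{ Subjects []Subject; ClusterResources []ClusterResource }

func has(list []string, v string) bool {
	for _, s := range list {
		if s == v {
			return true
		}
	}
	return false
}

// Audit flags clusterResources entries that are broad enough to deserve a second look.
func Audit(rules []Rule) []string {
	var out []string
	for i, r := range rules {
		for j, cr := range r.ClusterResources {
			at := fmt.Sprintf("rules[%d].clusterResources[%d]", i, j)
			if has(cr.APIGroups, "*") && has(cr.Resources, "*") {
				out = append(out, at+": wildcard apiGroups and resources")
			}
			if len(cr.MatchLabels) == 0 {
				out = append(out, at+": no selector.matchLabels")
			}
		}
	}
	return out
}

// Sample is constructed input: the PR's first rule plus a made-up rule without a selector.
func Sample() []Rule {
	alice := []Subject{{"User", "alice"}}
	return []Rule{
		{alice, []ClusterResource{{[]string{"*"}, []string{"*"}, []string{"List"}, map[string]string{"app.kubernetes.io/type": "dev"}}}},
		{alice, []ClusterResource{{[]string{""}, []string{"nodes"}, []string{"List"}, nil}}},
	}
}

func main() { fmt.Println(Audit(Sample())) }
```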