RBAC encode
Add support for specifying an RBAC_FILE
variable to deploy jobs.
Specifying a filepath e.g. rbac.yaml
will cause the job to base64 encode the yaml snippet into an environment variable that can then be passed to a sidecar container.
Example rbac.yaml:
rules:
action: DENY
policies:
"iwoca-tech":
permissions:
- not_rule:
header: { name: "X-Iwoca-Groups", contains_match: '"tech"' }
principals:
- any: true
Edited by Elliott Street