Tetrate Service BridgeVersion: nextFully Qualified Names
In order to unambiguously define a resource, each resource has a fully qualified names (FQN) that that describes their location in the resource hierarchy. These are used in the object definitions that you will be using in the examples.
The following shows the naming patterns used for each of the resources.
| Resource | FQN |
|---|---|
| Role | rbac/<role name> |
| Organization | organizations/<org name> |
| Cluster | organizations/<org name>/clusters/<cluster name> |
| Service | organizations/<org name>/services/<service name> |
| Team | organizations/<org name>/teams/<team name> |
| User | organizations/<org name>/users/<user name> |
| Service Account | organizations/<org name>/serviceaccounts/<service account name> |
| WASM Extension | organizations/<org name>/extensions/<extension name> |
| Tenant | organizations/<org name>/tenants/<tenant name> |
| Workspace | organizations/<org name>/tenants/<tenant name>/workspaces/<workspace name> |
| Application | organizations/<org name>/tenants/<tenant name>/applications/<application name> |
| API | organizations/<org name>/tenants/<tenant name>/applications/<application name>/apis/<api name> |
| Gateway Group | organizations/<org name>/tenants/<tenant name>/workspaces/<workspace name>/gatewaygroups/<group name> |
| Security Group | organizations/<org name>/tenants/<tenant name>/workspaces/<workspace name>/securitygroups/<group name> |
| Traffic Group | organizations/<org name>/tenants/<tenant name>/workspaces/<workspace name>/trafficgroups/<group name> |
| Istio Internal Group | organizations/<org name>/tenants/<tenant name>/workspaces/<workspace name>/istiointernalgroups/<group name> |
The following shows, how FQN's are used while creating AccessBindings.
apiVersion: rbac.tsb.tetrate.io/v2
kind: AccessBindings
metadata:
fqn: organizations/tetrate/tenants/research/workspaces/research-backend-ws
spec:
allow:
- role: rbac/trafficowner
subjects:
- team: organizations/tetrate/teams/research-backend-traffic-owners
- role: rbac/workspaceoperator
subjects:
- team: organizations/tetrate/teams/research-backend-app-team
- role: rbac/securityowner
subjects:
- team: organizations/tetrate/teams/research-backend-security-owners