Tetrate Service BridgeVersion: nextrbac.tsb.tetrate.io/v2
Resource Types:
AccessBindings
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | AccessBindings | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
AccessBindings.spec
AccessBindings assigns permissions to users of any TSB resource.
| Name | Type | Description | Required |
|---|---|---|---|
| allow | []object | The list of allowed bindings configures the different access profiles that are allowed on the target resource. | false |
| description | string | A description of the resource. | false |
| etag | string | The etag for the resource. | false |
AccessBindings.spec.allow[index]
| Name | Type | Description | Required |
|---|---|---|---|
| role | string | The role that defines the permissions that will be granted to the target resource. | true |
| subjects | []object | The set of subjects that will be allowed to access the target resource with the permissions defined by the role. | false |
AccessBindings.spec.allow[index].subjects[index]
| Name | Type | Description | Required |
|---|---|---|---|
| serviceAccount | string | A service account in TSB. | false |
| team | string | A team in TSB, created through LDAP sync or API. | false |
| user | string | A user in TSB, created through LDAP sync or API. | false |
Role
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | rbac.tsb.tetrate.io/v2 | true |
| kind | string | Role | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the metadata field. | true |
| spec | object |
| false |
| status | object | false |
Role.spec
Role is a named collection of permissions that can be assigned to any user or team in the system.
| Name | Type | Description | Required |
|---|---|---|---|
| description | string | A description of the resource. | false |
| displayName | string | User friendly name for the resource. | false |
| etag | string | The etag for the resource. | false |
| fqn | string | Fully-qualified name of the resource. | false |
| rules | []object | A set of rules that define the permissions associated with each API group. | false |
Role.spec.rules[index]
| Name | Type | Description | Required |
|---|---|---|---|
| permissions | []enum | The set of actions allowed for these APIs. | true |
| types | []object | The set of API groups and the api Kinds within the group on which this rule is applicable. | false |
Role.spec.rules[index].types[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiGroup | string | A specific API group such as traffic.tsb.tetrate.io/v2. | true |
| kinds | []string | Specific kinds of APIs under the API group. | false |
| scopedAt | []object | The list of parent types where the defined kinds will be scoped under. | false |
Role.spec.rules[index].types[index].scopedAt[index]
| Name | Type | Description | Required |
|---|---|---|---|
| apiGroup | string | A specific API group such as traffic.tsb.tetrate.io/v2. | true |
| kind | string | Specific kind of API under the API group. | true |