generated from coulomb/repo-seed
FLEX-WP-0006: implement ops-warden signing gate policy
This commit is contained in:
36
examples/ops-warden/protected_system_manifest.yaml
Normal file
36
examples/ops-warden/protected_system_manifest.yaml
Normal file
@@ -0,0 +1,36 @@
|
||||
id: ops-warden
|
||||
name: Ops Warden
|
||||
resource_types:
|
||||
- name: ssh-certificate
|
||||
scope_level: Resource
|
||||
planes:
|
||||
- Identity
|
||||
- Secret
|
||||
- Audit
|
||||
metadata:
|
||||
description: Short-lived SSH certificate signing request.
|
||||
actions:
|
||||
- name: sign
|
||||
capabilities:
|
||||
- Use
|
||||
- Operate
|
||||
- Audit
|
||||
planes:
|
||||
- Identity
|
||||
- Secret
|
||||
- Audit
|
||||
exposure_modes:
|
||||
- Metadata
|
||||
metadata:
|
||||
required_context:
|
||||
- principals
|
||||
- actor_type
|
||||
- pubkey_fingerprint
|
||||
- ttl_hours
|
||||
caring_profiles:
|
||||
- caring-0.4.0-rc2
|
||||
metadata:
|
||||
flex_auth_contract: protected-system-v0
|
||||
ops_warden_policy_gate: v2
|
||||
policy_enabled_config: policy.enabled
|
||||
tenant: tenant:platform
|
||||
Reference in New Issue
Block a user