FLEX-WP-0006: implement ops-warden signing gate policy
59
examples/ops-warden/resource_manifest.yaml
Normal file
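--- a/examples/ops-warden/resource_manifest.yaml
+++ b/examples/ops-warden/resource_manifest.yaml
@@ -0,0 +1,59 @@
+id: ops-warden-ssh-certificates
+system: ops-warden
+resources:
+- id: ssh-cert:actor/platform-steward
+type: ssh-certificate
+labels:
+- ssh-signing
+- adm
+trust_zone: platform
+owner: team:platform-security
+attributes:
+actor_id: platform-steward
+actor_type: adm
+allowed_subjects:
+- platform-steward
+- iam:platform-steward
+allowed_principals:
+- platform
+- root
+max_ttl_hours: 8
+- id: ssh-cert:actor/ci-deploy-agent
+type: ssh-certificate
+labels:
+- ssh-signing
+- agt
+trust_zone: platform
+owner: team:platform-security
+attributes:
+actor_id: ci-deploy-agent
+actor_type: agt
+allowed_subjects:
+- ci-deploy-agent
+- iam:ci-deploy-agent
+allowed_principals:
+- deploy
+- git
+max_ttl_hours: 2
+- id: ssh-cert:actor/backup-automation
+type: ssh-certificate
+labels:
+- ssh-signing
+- atm
+trust_zone: platform
+owner: team:platform-security
+attributes:
+actor_id: backup-automation
+actor_type: atm
+allowed_subjects:
+- backup-automation
+- iam:backup-automation
+allowed_principals:
+- backup
+max_ttl_hours: 1
+actions:
+- sign
+caring_profile: caring-0.4.0-rc2
+metadata:
+flex_auth_contract: resource-registration-v0
+tenant: tenant:platform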
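Review bot: The `root` entry under `allowed_principals` for `ssh-cert:actor/platform-steward` sits under the same `max_ttl_hours: 8` as the unprivileged `platform` principal, so as far as this manifest shows, one signing request can yield a root-login certificate valid for a full working day. Because this is the example manifest that others will copy, consider dropping `- root` from it, or registering root access as its own resource with a much shorter TTL and a comment such as `# root: break-glass only, keep TTL short` above the entry. Each `allowed_subjects` list also accepts both a bare name and an `iam:`-prefixed one (`platform-steward` and `iam:platform-steward`); if these come from different identity sources, a comment should say which is authoritative so the gate cannot be satisfied by a look-alike subject from the weaker source. The `adm`/`agt`/`atm` codes appear in both `labels` and `actor_type` without explanation, so a one-line legend at the top of the file would help. Indentation is not visible in this rendering, so the nesting assumed here is inferred.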