-
Notifications
You must be signed in to change notification settings - Fork 3
/
accesspolicy_example_COS_bucket.yaml
91 lines (87 loc) · 2.11 KB
/
accesspolicy_example_COS_bucket.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
apiVersion: ibmcloud.ibm.com/v1alpha1
kind: AccessPolicy
metadata:
name: cosbucketuserpolicy
spec:
subject:
userEmail: avarghese@us.ibm.com
roles:
definedRoles:
- Viewer
- Administrator
target:
resourceGroup: Default
serviceClass: cloud-object-storage
serviceID: 1cdd19ff-c033-4767-b6b7-4fe2fc58c6a1
resourceName: bucket
resourceID: cosbucket-standard-ansu
---
apiVersion: ibmcloud.ibm.com/v1alpha1
kind: AccessPolicy
metadata:
name: cosbucketservicepolicy
spec:
subject:
serviceID: ServiceId-fa27c539-a6cf-41d2-8cb0-2916da5f8e8a
roles:
definedRoles:
- Viewer
- Administrator
target:
resourceGroup: Default
serviceClass: cloud-object-storage
serviceID: 1cdd19ff-c033-4767-b6b7-4fe2fc58c6a1
resourceName: bucket
resourceID: cosbucket-standard-ansu
---
apiVersion: ibmcloud.ibm.com/v1alpha1
kind: AccessPolicy
metadata:
name: cosbucketgrouppolicy
spec:
subject:
accessGroupID: AccessGroupId-4099639d-95d2-4d78-ae6b-536f3891953c
roles:
definedRoles:
- Viewer
- Administrator
target:
resourceGroup: Default
serviceClass: cloud-object-storage
serviceID: 1cdd19ff-c033-4767-b6b7-4fe2fc58c6a1
resourceName: bucket
resourceID: cosbucket-standard-ansu
---
apiVersion: ibmcloud.ibm.com/v1alpha1
kind: AccessGroup
metadata:
name: cosbucketnewgroup
spec:
name: cosbucketaccessgroup
description: A new access group to test access group controller
userEmails:
- avarghese@us.ibm.com
- mvaziri@us.ibm.com
serviceIDs:
- ServiceId-3b9f026a-eb6e-495f-b104-95232d0c4a59
- ServiceId-fa27c539-a6cf-41d2-8cb0-2916da5f8e8a
---
apiVersion: ibmcloud.ibm.com/v1alpha1
kind: AccessPolicy
metadata:
name: cosbucketnewgrouppolicy
spec:
subject:
accessGroupDef:
accessGroupName: cosbucketnewgroup
accessGroupNamespace: default
roles:
definedRoles:
- Viewer
- Administrator
target:
resourceGroup: Default
serviceClass: cloud-object-storage
serviceID: 1cdd19ff-c033-4767-b6b7-4fe2fc58c6a1
resourceName: bucket
resourceID: cosbucket-standard-ansu