What would you like to be added:
User can specify what commands are allowed to execute in the daemons.
RBAC based rules look like:
# rbac-policy.yaml
roles:
- name: production-worker
allowed_commands:
- git
- docker
- npm
- python3
forbidden_patterns:
- "rm -rf /"
- "dd if="
- "mkfs"
max_timeout: 3600
- name: ci-builder
allowed_commands:
- git
- cargo
- npm
- make
max_timeout: 7200
- name: debug-shell
allowed_commands: ["*"] # All commands
max_timeout: 300
requires_approval: true
mappings:
- daemon_pattern: "daemon-prod-*"
role: production-worker
- daemon_pattern: "daemon-ci-*"
role: ci-builder
Why is this needed:
Completion requirements:
This feature requires the following artifacts:
The artifacts should be linked in subsequent comments.
What would you like to be added:
User can specify what commands are allowed to execute in the daemons.
RBAC based rules look like:
Why is this needed:
Completion requirements:
This feature requires the following artifacts:
The artifacts should be linked in subsequent comments.