Newer documentation is now live. You are currently reading an older version.

IAMGlobalRoleBinding resource

IAMGlobalRoleBinding is the Cluster (non-namespaced) object that should be used for global role bindings in all namespaces. This object is accessible to users with the global-admin IAMRole assigned through the IAMGlobalRoleBinding object. The object contains the following fields:

  • apiVersion

    API version of the object that is iam.mirantis.com/v1alpha1.

  • kind

    Object type that is IAMGlobalRoleBinding.

  • metadata

    Object metadata that contains the following field:

    • name

      Role binding name. If the role binding is user-created, the user can set any unique name. If the name relates to a binding that is synced by user-controller from Keycloak, the naming convention is <username>-<rolename>.

  • role

    Object role that contains the following field:

    • name

      Role name.

  • user

    Object name that contains the following field:

    • name

      Name of the iamuser object that the defined role is provided to. Not equal to the user name in Keycloak.

  • legacy

    Defines whether the role binding is legacy. Possible values are true or false.

  • legacyRole

    Applicable when the legacy field value is true. Defines the legacy role name in Keycloak.

  • external

    Defines whether the role is assigned through Keycloak and is synced by user-controller with the MOSK API as the IAMGlobalRoleBinding object. Possible values are true or false.

Caution

If you create an IAM*RoleBinding object, do not set or modify the legacy, legacyRole, and external fields unless absolutely necessary and you understand all implications.

Configuration example:

apiVersion: iam.mirantis.com/v1alpha1
kind: IAMGlobalRoleBinding
metadata:
  name: userone-global-admin
role:
  name: global-admin
user:
  name: userone-f150d839
external: false
legacy: false
legacyRole: ""
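
As an added example (not part of the Mirantis documentation), the following Python check applies the field rules described above to bindings supplied as JSON and lists what an access review should look at. The function names, the two extra bindings, and the role name example-role are constructed for illustration.

```python
import json

API_VERSION = "iam.mirantis.com/v1alpha1"
KIND = "IAMGlobalRoleBinding"

# Constructed sample input: the page's example plus two made-up bindings.
SAMPLE = json.dumps([
    {"apiVersion": API_VERSION, "kind": KIND, "metadata": {"name": "userone-global-admin"},
     "role": {"name": "global-admin"}, "user": {"name": "userone-f150d839"},
     "external": False, "legacy": False, "legacyRole": ""},
    {"apiVersion": API_VERSION, "kind": KIND, "metadata": {"name": "usertwo-binding"},
     "role": {"name": "example-role"}, "user": {"name": "usertwo-0a1b2c3d"},
     "external": True, "legacy": False},
    {"apiVersion": API_VERSION, "kind": KIND, "metadata": {"name": "userthree-example-role"},
     "role": {"name": "example-role"}, "user": {"name": "userthree-1234abcd"},
     "legacy": False, "legacyRole": "old-role"},
])

def _name(obj, section):
    """Return <section>.name if it is a string, else an empty string."""
    sec = obj.get(section)
    value = sec.get("name") if isinstance(sec, dict) else None
    return value if isinstance(value, str) else ""

def audit_binding(obj):
    """Return findings for one IAMGlobalRoleBinding given as a dict."""
    findings = []
    if obj.get("apiVersion") != API_VERSION or obj.get("kind") != KIND:
        findings.append("unexpected apiVersion or kind")
    name, role, user = (_name(obj, s) for s in ("metadata", "role", "user"))
    for label, value in (("metadata", name), ("role", role), ("user", user)):
        if not value:
            findings.append(f"{label}.name is missing or not a string")
    for flag in ("legacy", "external"):
        if not isinstance(obj.get(flag, False), bool):
            findings.append(f"{flag} must be true or false")
    legacy, external = obj.get("legacy") is True, obj.get("external") is True
    if obj.get("legacyRole") and not legacy:
        findings.append("legacyRole is set but legacy is not true")
    if external and role and not name.endswith("-" + role):
        findings.append("external binding name is not <username>-<rolename>")
    if legacy or external:
        findings.append("review: legacy/external set, confirm it was not hand-edited")
    if role == "global-admin":
        findings.append("review: binds global-admin")
    return findings

def audit_all(json_text):
    # Map each binding name to its list of findings.
    return {_name(o, "metadata"): audit_binding(o) for o in json.loads(json_text)}
```

Calling audit_all(SAMPLE) returns one entry per binding; an empty list means no finding.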