This repository has been archived on 2020-01-20. You can view files and clone it, but cannot push or open issues or pull requests.
node-spearhead/examples/rbac-simple
2015-11-21 12:41:16 -08:00
..
rbac-user-keys joyent/node-triton#54 'triton rbac apply' 2015-11-18 12:54:44 -08:00
rbac.json joyent/node-triton#54 'triton rbac reset', 'triton [rbac] keys' default output changes, 'triton rbac apply' implicit usage of './rbac-user-keys' dir, drop shortIds for 'triton rbac ...' 2015-11-21 12:41:16 -08:00
README.md joyent/node-triton#54 'triton rbac apply' 2015-11-18 12:54:44 -08:00

Caveat: All triton rbac ... support is experimental.

This directly holds a super simple example Triton RBAC Profile for a mythical "Simple Corp.", with triton CLI examples showing how to use it for RBAC.

Our Simple corporation will create an "rbactestsimple" Triton account and use RBAC to manage its users, roles, etc. It has two users:

  • emma: Should have full access, to everything.
  • bert: Should only have read access, again to everything.

We want an RBAC config that allows appropriate access for all the employees and tooling. Roughly we'll break that into roles as follows:

  • Role admin. Complete access to the API. Only used by "emma" when, e.g., updating RBAC configuration itself.
  • Role ops. Full access, except to RBAC configuration updates.
  • Role read. Read-only access to compute resources.

See "rbac.json" where we encode all this.

The triton rbac apply command can work with a JSON config file (and optionally separate user public ssh key files) to create and maintain a Triton RBAC configuration. In our example this will be:

triton rbac apply   # defaults to looking at "./rbac.json"