Version: 0.9

kore assign role

kore assign role#

Assigns a role to one more subjects in the team

Synopsis#

Assignment lets team members assign a security policy to one more robots. A common example would be to create a robot and then assign a deployment role to the robot to permit deploying an application into the cluster. You cannot assign policies to human users—humans use role assumption rather than statically assigned policies (see kore assume --help).

Assignment policies are granted to team members by the team administrator, who has the rights to specify constraints on who can assign a policy to a robot, and any other requirements that must be met.

kore assign role [flags]

Examples#

# Create a robot token and assign a policy to permit deployment to cluster A
$ kore create robot ci
$ kore assign role nsadmin --robot ci --cluster <cluster> --namespace <namespace>
# View the assignements that you can make
$ kore get assignments
# View all the roles that are available. Use -o yaml to view policy.
$ kore get roles --all

Options#

--cluster string Sets the cluster name of a role parameter
--dry-run Shows the resource but does not apply or create (defaults: false)
--expires duration Sets an expiration on the assignment
--group strings one or more teams to apply
-h, --help help for role
--namespace string Sets the namespace name of a role parameter
--robot strings One or more robots
--role strings One or more team roles to apply the role
--scope strings One or more subject scopes to apply the role
--subject strings One or more subjects to apply

Options inherited from parent commands#

--debug Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table out (default true)
-t, --team string The team you are operating within
--verbose Enables verbose logging for debugging purposes (default: false)

SEE ALSO#

  • kore assign - Assign allows you to apply a policy, role or compliance package