Skip to main content
Version: 1.5

wf assign role

wf assign role​

Assigns a role to one more subjects in the workspace

Synopsis​

Assignment lets workspace members assign a security policy to one more robots. A common example would be to create a robot and then assign a deployment role to the robot to permit deploying an application into the cluster. You cannot assign policies to human users—humans use role assumption rather than statically assigned policies (see wf assume --help).

Assignment policies are granted to workspace members by the workspace administrator, who has the rights to specify constraints on who can assign a policy to a robot, and any other requirements that must be met.

wf assign role [flags]

Examples​


# Create a robot token and assign a policy to permit deployment to cluster A

$ wf create robot ci
$ wf assign role nsadmin --robot ci --cluster <cluster> --namespace <namespace>

# View the assignements that you can make
$ wf get assignments

# View all the roles that are available. Use -o yaml to view policy.
$ wf get roles --all

Options​

      --cluster string     Sets the cluster name of a role parameter
      --dry-run            Shows the resource but does not apply or create (defaults: false)
      --expires duration   Sets an expiration on the assignment
      --group strings      one or more workspaces to apply
  -h, --help               help for role
      --namespace string   Sets the namespace name of a role parameter
      --robot strings      One or more robots
      --role strings       One or more workspace roles to apply the role
      --scope strings      One or more subject scopes to apply the role
      --subject strings    One or more subjects to apply

Options inherited from parent commands​

      --debug              Indicates we should use debug / trace logging (default: false)
      --force              Used to force an operation to happen (default: false)
      --no-wait            Indicates we should not wait for resources to provision
  -o, --output string      Output format of the resource (json,yaml,table,template) (default "table")
      --profile string     Use a profile other than your default for this command
      --show-headers       Indicates we should display headers on table out (default true)
      --verbose            Enables verbose logging for debugging purposes (default: false)
  -w, --workspace string   The workspace you are operating within

SEE ALSO​

  • wf assign - Assign allows you to apply a policy, role or compliance package
Last updated on 24 Oct 2022