From 4b781a1c8c56ce15f7437ffbb8984ee718a3c9d2 Mon Sep 17 00:00:00 2001
From: dwalters
Date: Wed, 24 Jun 2026 14:43:37 -0400
Subject: [PATCH 1/2] adding workspace as group type option in our CRD

---
 templates/crds/group.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/crds/group.yaml b/templates/crds/group.yaml
index 9a26ae7..024ed40 100644
--- a/templates/crds/group.yaml
+++ b/templates/crds/group.yaml
@@ -32,8 +32,8 @@ spec:
 spec:
 type: object
 x-kubernetes-validations:
- - rule: "self.type == 'service' || self.type == 'role' || self.type == 'project' || self.type == 'posix'"
- message: "Group type needs to be either service, role, project, or posix"
+ - rule: "self.type == 'service' || self.type == 'role' || self.type == 'project' || self.type == 'workspace' || self.type == 'posix'"
+ message: "Group type needs to be either service, role, project, workspace, or posix"
 required:
 - members
 - type
From 4cb7668fbed24974c1f77b77f4d818aa68a3a1cc Mon Sep 17 00:00:00 2001
From: dwalters
Date: Mon, 29 Jun 2026 09:58:42 -0400
Subject: [PATCH 2/2] adding in policies for workspaces

---
 files/rhea/user-policies.cedar | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/files/rhea/user-policies.cedar b/files/rhea/user-policies.cedar
index ee275e8..2ab7dce 100644
--- a/files/rhea/user-policies.cedar
+++ b/files/rhea/user-policies.cedar
@@ -7,7 +7,7 @@ permit (
 // These are wide open
 permit (principal, action, resource)
-when { context.url like "*/home/projects/" || context.url like "*/home/" };
+when { context.url like "*/home/projects/" || context.url like "*/home/workspaces/" || context.url like "*/home/" };
 permit (
 principal in Group::"kuiper",
@@ -25,6 +25,7 @@ when {
 context.url like "*/genesis/ansible*" ||
 context.url like "*/genesis/projects*" ||
+ context.url like "*/genesis/workspaces*" ||
 context.url like "*/genesis/storage*" ||
 context.url like "*/genesis/network*" ||
 context.url like "*/genesis/license*" ||
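Review bot: The allowed group types now live in two hand-maintained strings, the CEL `rule` and its `message`, and every new type has to be added to both. A membership test is shorter and harder to get out of step: `- rule: "self.type in ['service', 'role', 'project', 'workspace', 'posix']"`. If the `type` property is declared further down in the schema (not visible in this hunk), an `enum` on it would do the same job without CEL. Whatever consumes Group objects and branches on `type` presumably needs a `workspace` case too; that code is outside this patch.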
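Review bot: The new `"*/home/workspaces/"` pattern is added to a policy whose head is the unconstrained `permit (principal, action, resource)`, so every principal and every action is allowed on any URL ending in `/home/workspaces/`. The leading `*` means the match is on the suffix only, not on a particular host or base path; the `"*/genesis/workspaces*"` pattern in the second hunk starts with the same wildcard. If the workspaces landing page only needs to be read, narrow the action in the policy head instead of leaving it open. If open access is intended, extend the existing comment to say so, e.g. `// Landing pages: any principal and any action, by design`. How `context.url` is normalised before evaluation is not visible here, and that decides whether the suffix match is applied to the canonical path.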
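Review bot: `"*/genesis/workspaces*"` has no separator before the trailing wildcard, so it matches every sub-path of workspaces and also any sibling resource whose name merely begins with `workspaces`. That follows the neighbouring `projects*` and `storage*` lines, but if only the collection and its children are meant, two patterns are tighter: `context.url like "*/genesis/workspaces" ||` and `context.url like "*/genesis/workspaces/*" ||`. The `permit` head and any action constraint of this policy lie outside the hunk, so which principals and actions gain access to workspaces cannot be confirmed from here. It is worth checking that this scope suits workspace objects and was not just carried over from projects.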