Access control is a powerful system for managing user and group access in a single place. Updates are applied near-instantly (within seconds) to destination infrastructure, making it possible to escalate and revoke a user's access on-demand.
Access is managed via Access Grants. These records determine who can access what, and with which permission or role. Grants tie three components together to enable access:
- A user or group (e.g.
- A role (e.g.
- A resource (e.g.
Infra allows granting different levels of access via roles, such as `admin`. Different infrastructure destinations support different roles. For example, view a list of roles supported by Kubernetes.
A resource is an infrastructure resource managed by Infra. Examples include:
- A Kubernetes cluster (e.g.
- A Kubernetes namespace (e.g.
To grant access, use `infra grants add`. Note: the user you grant access to must already exist. To grant a user the `edit` role on a cluster named `staging`:
```
infra grants add firstname.lastname@example.org staging --role edit
```
Note: the same command can be used to grant access to a group using the boolean `--group` flag:
```
infra grants add --group engineering staging --role edit
```
To revoke access, use `infra grants remove`:
```
infra grants remove email@example.com staging --role edit
```
```
infra grants list
USER                            ROLE  DESTINATION
firstname.lastname@example.org  edit  development
email@example.com               view  production

GROUP        ROLE  DESTINATION
Engineering  edit  development.monitoring
Engineering  view  production
Design       edit  development.web
```
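
For periodic access reviews, the listing can be turned into one record per grant and filtered by destination or role. The script below is an added example, not part of Infra's documentation or code. It assumes whitespace-separated columns, a `USER` or `GROUP` header row per section, and destinations written as `cluster` or `cluster.namespace`, as in the listing on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Infra's own code): parse `infra grants list` output
# into "kind subject role destination" records for access reviews.
# Assumption: whitespace-separated columns, USER/GROUP header rows.

# Constructed sample input, taken from the listing on this page so the
# script runs offline.
sample_grants() {
  cat <<'EOF'
USER                            ROLE  DESTINATION
firstname.lastname@example.org  edit  development
email@example.com               view  production

GROUP        ROLE  DESTINATION
Engineering  edit  development.monitoring
Engineering  view  production
Design       edit  development.web
EOF
}

# parse_grants: stdin = listing, stdout = "user|group subject role destination"
parse_grants() {
  awk '
    $1 == "USER"  && $2 == "ROLE" { kind = "user";  next }
    $1 == "GROUP" && $2 == "ROLE" { kind = "group"; next }
    NF == 3 && kind != ""         { print kind, $1, $2, $3 }
  '
}

# who_can_access CLUSTER: grants on the cluster itself or on any of its
# namespaces (assumes the "cluster.namespace" destination form).
who_can_access() {
  parse_grants | awk -v c="$1" '{ split($4, d, "."); if (d[1] == c) print }'
}

# grants_with_role ROLE: every subject holding ROLE, e.g. to review write access.
grants_with_role() {
  parse_grants | awk -v r="$1" '$3 == r'
}

# Demo on the constructed sample. Against a live system (assumes a logged-in
# infra CLI): infra grants list | who_can_access production
sample_grants | who_can_access development
```

Comparing the output of `grants_with_role edit` between review cycles shows which users and groups gained or lost write access.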