diff --git a/.github/workflows/apply-omni.yml b/.github/workflows/apply-omni.yml
index e49532f..a316c23 100644
--- a/.github/workflows/apply-omni.yml
+++ b/.github/workflows/apply-omni.yml
@@ -12,7 +12,7 @@ jobs:
 curl -L -o omnictl https://cedille.omni.siderolabs.io/omnictl/omnictl-linux-amd64
 chmod +x omnictl
 - run: |
- for i in omni/*.yaml; do ./omnictl apply -f "$i"; done
+ eval-all '. as $item ireduce ({}; . *+ $item )' omni/*.acl.yaml | ./omnictl apply -f -
 env:
 OMNI_ENDPOINT: ${{vars.OMNI_ENDPOINT}}
 OMNI_SERVICE_ACCOUNT_KEY: ${{secrets.OMNI_SERVICE_ACCOUNT_KEY}}
diff --git a/omni/base.acl.yaml b/omni/base.acl.yaml
new file mode 100644
index 0000000..42bf274
--- /dev/null
+++ b/omni/base.acl.yaml
@@ -0,0 +1,4 @@
+"metadata":
+ "id": "omni-acl"
+ "namespace": "default"
+ "type": "AccessPolicies.omni.sidero.dev"
\ No newline at end of file
diff --git a/omni/compilade.acl.yaml b/omni/compilade.acl.yaml
index ee1a0fe..0594421 100644
--- a/omni/compilade.acl.yaml
+++ b/omni/compilade.acl.yaml
@@ -1,8 +1,3 @@
-# MANAGED BY TERRAFORM; DO NOT MODIFY
-"metadata":
- "id": "compilade-acl"
- "namespace": "default"
- "type": "AccessPolicies.omni.sidero.dev"
 "spec":
 "rules":
 - "clusters":
diff --git a/omni/lamiphil.acl.yaml b/omni/lamiphil.acl.yaml
index 501546f..eec0292 100644
--- a/omni/lamiphil.acl.yaml
+++ b/omni/lamiphil.acl.yaml
@@ -1,8 +1,4 @@
 # MANAGED BY TERRAFORM; DO NOT MODIFY
-"metadata":
- "id": "lamiphil-acl"
- "namespace": "default"
- "type": "AccessPolicies.omni.sidero.dev"
 "spec":
 "rules":
 - "clusters":
diff --git a/terraform/modules/user/main.tf b/terraform/modules/user/main.tf
index 807960d..d98bf91 100644
--- a/terraform/modules/user/main.tf
+++ b/terraform/modules/user/main.tf
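Review bot: In `.github/workflows/apply-omni.yml` the added script line begins with `eval-all`, which is a yq subcommand and not an executable, so as shown the merge never runs; it presumably should read `yq eval-all '. as $item ireduce ({}; . *+ $item )' omni/*.acl.yaml | ./omnictl apply -f -`. Because the result is piped straight into `omnictl apply`, a failure on the left of the pipe only fails the step if the shell runs with pipefail, which the hunk does not show; putting `set -euo pipefail` as the first line of the script keeps an empty or partial merge from being applied as the access policy. A short comment above the command, such as `# *+ appends the rules arrays of every omni/*.acl.yaml into the single omni-acl resource`, would make clear to reviewers that every file matching the glob now contributes to one shared policy. The job and step definitions begin outside the hunk, so the shell setting and whether yq is installed on the runner should be confirmed there.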
@@ -18,11 +18,6 @@ resource "github_repository_file" "omni_acl" {
 content = join("\n", [
 "# MANAGED BY TERRAFORM; DO NOT MODIFY",
 yamlencode({
- metadata = {
- namespace = "default"
- type = "AccessPolicies.omni.sidero.dev"
- id = "${var.github_username}-acl"
- }
 spec = {
 rules = [{
 users = [var.github_email]