Skip to main content
Version: 1.4.x

Teams and Users

User represents a user that has been loaded from a configured Identity Provider (IdP) that can log into the platform. Currently, users are automatically synchronized by TSB from a configured LDAP server.

The following example creates a user named john under the organization myorg.

apiVersion: api.tsb.tetrate.io/v2
kind: User
metadata:
name: john
organization: myorg
spec:
loginName: john
firstName: John
lastName: Doe
displayName: John Doe
email: john.doe@acme.com

Team is a named collection of users, service accounts, and other teams. Teams can be assigned access permissions on various resources. All members of a team inherit the access permissions assigned to the team.

The following example creates a team named org under the organization myorg with all members of product1 and product2 teams, users alice and bob, and the local user cluster1-tsb-agent used by the service bridge agents in cluster cluster1.

apiVersion: api.tsb.tetrate.io/v2
kind: Team
metadata:
name: org
organization: myorg
spec:
members:
- tenants/mycompany/users/alice
- tenants/mycompany/users/bob
- tenants/mycompany/teams/product1
- tenants/mycompany/teams/product2
- tenants/mycompany/users/cluster1-tsb-agent

SourceType

SourceType describes where teams come from. Teams can be synchronized from the Identity Provider but can also be manually created using the Team API to create convenient groupings of users and other teams in order to configure fine-grained permissions in the Management Plane.

NameNumberDescription

INVALID

0

LDAP

1

LDAP is used for users and teams that are automatically synchronized from LDAP.

LOCAL

2

LOCAL is used for local teams that are manually created using the TSB Team API and do not exist in the Identity Provider. Deprecated. This value is deprecated and will be removed in future releases. Use 'MANUAL' instead.

AZURE

3

AZURE is used for users synchronized from an Azure Active Directory.

MANUAL

4

MANUAL is used for users that exist in the Identity Provider that have been manually populated.

Team

Team is a named collection of users under a tenant.

FieldDescriptionValidation Rule

members

List of string
List of members under the team. The elements of this list are the FQNs of the team members. Team members can be users, service accounts or other teams.

sourceType

tetrateio.api.tsb.v2.SourceType
Where the team comes from. It can be a local team that exists only in TSB (type LOCAL) or it can be a team that has been synchronized from the Identity Provider (for example: type LDAP).

enum = {
  defined_only: true
}

User

User represents a user from the Identity Provider that is allowed to log into the platform.

FieldDescriptionValidation Rule

loginName

string
REQUIRED
The username used in the login credentials.

string = {
  min_len: 1
}

firstName

string
The first name of the user.

lastName

string
The last name of the user, if any.

email

string
Email for the user where alerts and other notifications will be sent.

sourceType

tetrateio.api.tsb.v2.SourceType
Where the user comes from. It can be a local user that exists only in TSB (type LOCAL) or it can be a user that has been synchronized from the Identity Provider (for example: type LDAP).

enum = {
  defined_only: true
}