Teams and Users

User represents a user that has been loaded from a configured Identity Provider (IdP) that can log into the platform. Currently, users are automatically synchronized by TSB from a configured LDAP server.

The following example creates a user named john under the organization myorg.

apiVersion: api.tsb.tetrate.io/v2
kind: User
metadata:
  name: john
  organization: myorg
spec:
  loginName: john
  firstName: John
  lastName: Doe
  displayName: John Doe
  email: john.doe@acme.com

Team is a named collection of users, service accounts, and other teams. Teams can be assigned access permissions on various resources. All members of a team inherit the access permissions assigned to the team.

The following example creates a team named org under the organization myorg with all members of product1 and product2 teams, users alice and bob, and the local user cluster1-tsb-agent used by the service bridge agents in cluster cluster1.

apiVersion: api.tsb.tetrate.io/v2
kind: Team
metadata:
  name: org
  organization: myorg
spec:
  members:
  - tenants/mycompany/users/alice
  - tenants/mycompany/users/bob
  - tenants/mycompany/teams/product1
  - tenants/mycompany/teams/product2
  - tenants/mycompany/users/cluster1-tsb-agent

SourceType

SourceType describes where teams come from. Teams can be synchronized from the Identity Provider but can also be manually created using the Team API to create convenient groupings of users and other teams in order to configure fine-grained permissions in the Management Plane.

Name	Number	Description
INVALID	0
LDAP	1	LDAP is used for users and teams that are automatically synchronized from LDAP.
LOCAL	2	LOCAL is used for local teams that are manually created using the TSB Team API and do not exist in the Identity Provider. Deprecated. This value is deprecated and will be removed in future releases. Use 'MANUAL' instead.
AZURE	3	AZURE is used for users synchronized from an Azure Active Directory.
MANUAL	4	MANUAL is used for users that exist in the Identity Provider that have been manually populated.

Team

Team is a named collection of users under a tenant.

Field	Description	Validation Rule
members	List of string List of members under the team. The elements of this list are the FQNs of the team members. Team members can be users, service accounts or other teams.	–
sourceType	tetrateio.api.tsb.v2.SourceType Where the team comes from. It can be a local team that exists only in TSB (type LOCAL) or it can be a team that has been synchronized from the Identity Provider (for example: type LDAP).	enum = {   defined_only: true }

User

User represents a user from the Identity Provider that is allowed to log into the platform.

Field	Description	Validation Rule
loginName	string REQUIRED The username used in the login credentials.	string = {   min_len: 1 }
firstName	string The first name of the user.	–
lastName	string The last name of the user, if any.	–
email	string Email for the user where alerts and other notifications will be sent.	–
sourceType	tetrateio.api.tsb.v2.SourceType Where the user comes from. It can be a local user that exists only in TSB (type LOCAL) or it can be a user that has been synchronized from the Identity Provider (for example: type LDAP).	enum = {   defined_only: true }