Sankofa/cloudflare/access-policies.yaml
defiQUG 9daf1fd378 Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements
- Add comprehensive database migrations (001-024) for schema evolution
- Enhance API schema with expanded type definitions and resolvers
- Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth
- Implement new services: AI optimization, billing, blockchain, compliance, marketplace
- Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage)
- Update Crossplane provider with enhanced VM management capabilities
- Add comprehensive test suite for API endpoints and services
- Update frontend components with improved GraphQL subscriptions and real-time updates
- Enhance security configurations and headers (CSP, CORS, etc.)
- Update documentation and configuration files
- Add new CI/CD workflows and validation scripts
- Implement design system improvements and UI enhancements
2025-12-12 18:01:35 -08:00


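---
# Cloudflare Zero Trust Access Policies
# These policies control who can access which applications.
# Each entry under `data` is the JSON body for one Access application and its
# policies, kept as a literal block scalar (`|`) so the text reaches the
# Cloudflare API exactly as written here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: cloudflare-access-policies
  namespace: default
data:
  # Portal Access Policy
  # NOTE(review): Access admits a user who matches any Allow policy, so the
  # domain-wide policy below explicitly excludes the admins group. Without
  # that exclude, an admin with a sankofa.nexus address matched the first
  # policy (24h session, no MFA) and the "Require MFA for Admins" policy
  # never applied. Confirm against the current Cloudflare Access docs.
  portal-policy: |
    {
      "name": "Portal Access",
      "application": {
        "domain": "portal.sankofa.nexus",
        "name": "Hybrid Cloud Portal"
      },
      "policies": [
        {
          "name": "Allow Authenticated Users",
          "decision": "allow",
          "include": [
            {
              "email": {
                "domain": "sankofa.nexus"
              }
            }
          ],
          "exclude": [
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "email": {
                "domain": "sankofa.nexus"
              }
            }
          ],
          "session_duration": "24h"
        },
        {
          "name": "Require MFA for Admins",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            }
          ],
          "session_duration": "8h"
        }
      ]
    }
  # Rancher Access Policy
  # Admins and platform engineers only; MFA and a managed device are required.
  rancher-policy: |
    {
      "name": "Rancher Access",
      "application": {
        "domain": "rancher.sankofa.nexus",
        "name": "Rancher UI"
      },
      "policies": [
        {
          "name": "Allow Admin Group",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "admins"
              }
            },
            {
              "group": {
                "name": "platform-engineers"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            },
            {
              "device_posture": {
                "check": "managed_device"
              }
            }
          ],
          "session_duration": "4h"
        }
      ]
    }
  # ArgoCD Access Policy
  # Platform engineers and admins; MFA required, no device posture check.
  argocd-policy: |
    {
      "name": "ArgoCD Access",
      "application": {
        "domain": "argocd.sankofa.nexus",
        "name": "ArgoCD GitOps"
      },
      "policies": [
        {
          "name": "Allow Platform Engineers",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "platform-engineers"
              }
            },
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            }
          ],
          "session_duration": "8h"
        }
      ]
    }
  # Grafana Access Policy
  # NOTE(review): this policy has no "require" clause, so any sankofa.nexus
  # address is admitted for 24h without MFA — confirm that is intended for
  # the dashboards, or add a "require": [{"mfa": {}}] entry as elsewhere.
  grafana-policy: |
    {
      "name": "Grafana Access",
      "application": {
        "domain": "grafana.sankofa.nexus",
        "name": "Grafana Dashboards"
      },
      "policies": [
        {
          "name": "Allow All Authenticated",
          "decision": "allow",
          "include": [
            {
              "email": {
                "domain": "sankofa.nexus"
              }
            }
          ],
          "session_duration": "24h"
        }
      ]
    }
  # Vault Access Policy
  # Admins only; MFA and a managed device are required, short 2h session.
  vault-policy: |
    {
      "name": "Vault Access",
      "application": {
        "domain": "vault.sankofa.nexus",
        "name": "HashiCorp Vault"
      },
      "policies": [
        {
          "name": "Allow Admin Group Only",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            },
            {
              "device_posture": {
                "check": "managed_device"
              }
            }
          ],
          "session_duration": "2h"
        }
      ]
    }
  # Proxmox API Access Policy
  # Two independent Allow policies: the Crossplane service token (machine
  # access, 1h session) and platform engineers with MFA (4h session).
  proxmox-api-policy: |
    {
      "name": "Proxmox API Access",
      "application": {
        "domain": "proxmox-api.sankofa.nexus",
        "name": "Proxmox API"
      },
      "policies": [
        {
          "name": "Allow Service Accounts",
          "decision": "allow",
          "include": [
            {
              "service_token": {
                "name": "crossplane-proxmox-token"
              }
            }
          ],
          "session_duration": "1h"
        },
        {
          "name": "Allow Platform Engineers",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "platform-engineers"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            }
          ],
          "session_duration": "4h"
        }
      ]
    }
  # Keycloak Access Policy
  # Admins only; same MFA + managed-device requirements and 2h session as Vault.
  keycloak-policy: |
    {
      "name": "Keycloak Access",
      "application": {
        "domain": "keycloak.sankofa.nexus",
        "name": "Keycloak Admin"
      },
      "policies": [
        {
          "name": "Allow Admin Group Only",
          "decision": "allow",
          "include": [
            {
              "group": {
                "name": "admins"
              }
            }
          ],
          "require": [
            {
              "mfa": {}
            },
            {
              "device_posture": {
                "check": "managed_device"
              }
            }
          ],
          "session_duration": "2h"
        }
      ]
    }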