Diffstat (limited to '')
-rw-r--r--manifests/base/auth_model.ini14
-rw-r--r--manifests/base/cm.yaml26
-rw-r--r--manifests/base/kustomization.yaml9
-rw-r--r--manifests/base/policies/public.csv2
4 files changed, 24 insertions, 27 deletions
diff --git a/manifests/base/auth_model.ini b/manifests/base/auth_model.ini
new file mode 100644
index 0000000..9ca4b92
--- /dev/null
+++ b/manifests/base/auth_model.ini
@@ -0,0 +1,14 @@
+[request_definition]
+r = sub, obj, act
+
+[policy_definition]
+p = sub, obj, act
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
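Review bot: The new auth_model.ini has no comments, and two of its properties decide how every policy line is interpreted. The `[policy_effect]` line is allow-only, so a request with no matching `p` rule is denied and there is no deny override. The `[matchers]` line compares `r.obj` and `r.act` by exact string equality, so a policy entry cannot use wildcards or path prefixes. I would add a comment above each, e.g. `# allow-only: no matching p rule means deny` and `# obj/act are exact-match; no wildcard or prefix support`.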
diff --git a/manifests/base/cm.yaml b/manifests/base/cm.yaml
deleted file mode 100644
index dcf1787..0000000
--- a/manifests/base/cm.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
-apiVersion: v1
-data:
- policy.csv: |
- g, role:admin, role:maintainers
- g, uid:admin, role:admin
- g, uid:maintainer, role:maintainers
- g, aid:bot+argo, role:bots
- g, anon, role:anon
- auth_model.ini: |
- [request_definition]
- r = sub, obj, act
-
- [policy_definition]
- p = sub, obj, act
-
- [role_definition]
- g = _, _
-
- [policy_effect]
- e = some(where (p.eft == allow))
-
- [matchers]
- m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
-kind: ConfigMap
-metadata:
- name: go-git-server-policy
diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml
index 481c41d..96eec50 100644
--- a/manifests/base/kustomization.yaml
+++ b/manifests/base/kustomization.yaml
@@ -2,10 +2,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: go-git-server
+
resources:
-- cm.yaml
- svc.yaml
- deploy.yaml
+
+configMapGenerator:
+- name: go-git-server-policy
+ files:
+ - auth_model.ini=auth_model.ini
+ - policies/public.csv=policies/public.csv
+
labels:
- includeSelectors: true
pairs:
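Review bot: The generator entry `- policies/public.csv=policies/public.csv` uses a key containing `/`, but ConfigMap data keys may only contain alphanumerics, `-`, `_` and `.`, so this is likely to be rejected at build or apply time. A flat key avoids that, e.g. `- public.csv=policies/public.csv`. The deleted ConfigMap exposed the policy under `policy.csv`; the consumer (deploy.yaml and the server's configured policy path) is not visible here, so confirm it reads the new key name. Also note that `configMapGenerator` appends a content hash to the ConfigMap name by default, so anything referencing `go-git-server-policy` from outside this kustomization would need the generated name.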
diff --git a/manifests/base/policies/public.csv b/manifests/base/policies/public.csv
new file mode 100644
index 0000000..63da3cf
--- /dev/null
+++ b/manifests/base/policies/public.csv
@@ -0,0 +1,2 @@
+g, anon, role:anon
+g, role:admin, role:maintainers
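Review bot: The subject bindings from the deleted cm.yaml (`g, uid:admin, role:admin`, `g, uid:maintainer, role:maintainers`, `g, aid:bot+argo, role:bots`) are not carried into public.csv, so unless another policy source supplies them, those identities lose their roles with this commit. Neither the old nor the new file contains `p` rules, so permissions presumably come from elsewhere; that source is not visible in this diff. If the split is intentional, a leading comment would make it explicit, e.g. `# base: role hierarchy only; subject bindings and p rules are supplied elsewhere`. Casbin's file adapter skips lines that start with `#`.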