apiVersion: v1
data:
  policy.csv: |
    g, role:admin, role:maintainers
    g, uid:admin, role:admin
    g, uid:grumps, role:maintainers
    g, aid:argo, role:bots
  auth_model.ini: |
    [request_definition]                                    
    r = sub, obj, act                                       
                                                            
    [policy_definition]                                     
    p = sub, obj, act                                       
                                                            
    [role_definition]                                       
    g = _, _                                                
                                                            
    [policy_effect]                                         
    e = some(where (p.eft == allow))                        
                                                            
    [matchers]                                              
    m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act 
kind: ConfigMap
metadata:
  name: go-git-server-policy