fix ACL groups for demonstration

SimplyMinimal · Apr 22, 2024 · d206572 · d206572
1 parent 6c2ac30
commit d206572
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/policy.hujson b/policy.hujson
@@ -14,6 +14,10 @@
 
 		// Site Reliability Engineers
 		"group:sre": ["sre@example.com"],
+
+		// General Employees
+		"group:all staff": ["all staff@example.com"],
+		"group:dev team": ["dev team@example.com"]
 	},
 
 	"hosts": {
@@ -68,13 +72,13 @@
 		// Domain Controller can hit all client machines
 		{
 			"action": "accept",
-			"src":    ["group:all staff@example.com"],
+			"src":    ["group:all staff"],
 			"dst":    ["tag:domain-controller:*"],
 		},
 		{
 			"action": "accept",
 			"src":    ["tag:domain-controller"],
-			"dst":    ["group:all staff@example.com:*"],
+			"dst":    ["group:all staff:*"],
 		},
 
 		// allow domain controllers to talk to other domain controllers
@@ -96,7 +100,7 @@
 		// Grant Dev Team and their pipeline access
 		{
 			"action": "accept",
-			"src":    ["group:dev team@example.com" , "tag:ci"],
+			"src":    ["group:dev team" , "tag:ci"],
 			"dst": ["uat1:22"],
 		},