From 09d86788b372dcc37d52e1e639b2af4ed3679329 Mon Sep 17 00:00:00 2001 From: Scot Wells Date: Wed, 20 May 2026 12:52:06 -0500 Subject: [PATCH 1/2] feat: add compute roles to assignable organization roles Owner and Editor gain compute.datumapis.com-admin; Viewer gains compute.datumapis.com-viewer, so organization members have access to compute resources consistent with their role level. Co-Authored-By: Claude Sonnet 4.6 --- .../assignable-organization-roles/roles/datum-cloud-editor.yaml | 2 ++ .../assignable-organization-roles/roles/datum-cloud-owner.yaml | 2 ++ .../assignable-organization-roles/roles/datum-cloud-viewer.yaml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/config/assignable-organization-roles/roles/datum-cloud-editor.yaml b/config/assignable-organization-roles/roles/datum-cloud-editor.yaml index 6cb0ac9..e6b04cb 100644 --- a/config/assignable-organization-roles/roles/datum-cloud-editor.yaml +++ b/config/assignable-organization-roles/roles/datum-cloud-editor.yaml @@ -24,3 +24,5 @@ spec: namespace: milo-system - name: dns.networking.miloapis.com-dns-admin namespace: milo-system + - name: compute.datumapis.com-admin + namespace: milo-system diff --git a/config/assignable-organization-roles/roles/datum-cloud-owner.yaml b/config/assignable-organization-roles/roles/datum-cloud-owner.yaml index 4e8e15e..43173b0 100644 --- a/config/assignable-organization-roles/roles/datum-cloud-owner.yaml +++ b/config/assignable-organization-roles/roles/datum-cloud-owner.yaml @@ -26,3 +26,5 @@ spec: namespace: milo-system - name: iam-user-invitations-admin namespace: milo-system + - name: compute.datumapis.com-admin + namespace: milo-system diff --git a/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml b/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml index 99d327d..c7b135b 100644 --- a/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml +++ b/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml @@ -26,3 +26,5 @@ spec: namespace: milo-system - name: activity.miloapis.com-viewer namespace: milo-system + - name: compute.datumapis.com-viewer + namespace: milo-system From 0d7921ff34d8e11005d122976282d4f2aef9f06f Mon Sep 17 00:00:00 2001 From: Scot Wells Date: Wed, 20 May 2026 13:58:52 -0500 Subject: [PATCH 2/2] feat: add location-viewer role to datum-cloud viewer assignable role Grant view access to location resources directly on the viewer assignable org role rather than through the networking-viewer hierarchy, since locations are expected to move out of the networking group. Co-Authored-By: Claude Sonnet 4.6 --- .../assignable-organization-roles/roles/datum-cloud-viewer.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml b/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml index 2c66136..dc320fa 100644 --- a/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml +++ b/config/assignable-organization-roles/roles/datum-cloud-viewer.yaml @@ -34,3 +34,5 @@ spec: namespace: milo-system - name: compute.datumapis.com-viewer namespace: milo-system + - name: networking.datumapis.com-location-viewer + namespace: milo-system