-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add RoleTemplate CRD #5080
Add RoleTemplate CRD #5080
Conversation
/cc @wansir |
/retest |
/kind api-change |
/assign @wansir |
61edab8
to
3eed589
Compare
cce9768
to
4b2ece3
Compare
3c16729
to
109add9
Compare
staging/src/kubesphere.io/api/iam/v1alpha2/roletemplate_type.go
Outdated
Show resolved
Hide resolved
staging/src/kubesphere.io/api/iam/v1alpha2/roletemplate_type.go
Outdated
Show resolved
Hide resolved
type RoleTemplate struct { | ||
metav1.TypeMeta `json:",inline"` | ||
|
||
// +optional | ||
metav1.ObjectMeta `json:"metadata,omitempty"` | ||
|
||
Spec RoleTemplateSpec `json:"spec"` | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
apiVersion: iam.kubesphere.io/v1alpha2
kind: RoleTemplate
metadata:
name: global-view-clusters
labels:
scope.iam.kubesphere.io/global: ""
iam.kubesphere.io/category: 'cluster-management'
spec:
displayName:
zh-CN: '集群查看'
en: 'View Clusters'
description:
zh-CN: '平台中所有集群下资源的查看权限'
rules:
- apiGroups:
- '*'
resources:
- clusters
verbs:
- get
- list
1e3b552
to
722dd57
Compare
/retest |
722dd57
to
23aea8c
Compare
Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com>
Signed-off-by: wenhaozhou <wenhaozhou@yunify.com>
23aea8c
to
4023604
Compare
/lgtm |
LGTM label has been added. Git tree hash: 3f9877d06eabc63b1a7b2c3fa0ddb0af037bb842
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wansir, zhou1203 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* add iam v1beta1 type Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com> * update type register Signed-off-by: wenhaozhou <wenhaozhou@yunify.com> Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com> Signed-off-by: wenhaozhou <wenhaozhou@yunify.com>
* add iam v1beta1 type Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com> * update type register Signed-off-by: wenhaozhou <wenhaozhou@yunify.com> Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com> Signed-off-by: wenhaozhou <wenhaozhou@yunify.com>
What type of PR is this?
/kind feature
/kind api-change
What this PR does / why we need it:
In order to provide a more flexible permission control system, we will use the new IAM version
v1beta1
to provide better compatibility for custom resource permission verification. The new version will provide the following APIs:Which issue(s) this PR fixes:
Fixes #
Special notes for reviewers:
Does this PR introduced a user-facing change?