Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add RoleTemplate CRD #5080

Merged
merged 2 commits into from
Jan 18, 2023
Merged

Add RoleTemplate CRD #5080

merged 2 commits into from
Jan 18, 2023

Conversation

zhou1203
Copy link
Member

@zhou1203 zhou1203 commented Jul 21, 2022
edited

What type of PR is this?

/kind feature
/kind api-change

What this PR does / why we need it:

In order to provide a more flexible permission control system, we will use the new IAM version v1beta1 to provide better compatibility for custom resource permission verification. The new version will provide the following APIs:

  • Category is used to mark the module of RoleTemplate
  • RoleTemplate is used to centrally manage the RoleTemplate.
  • WorspaceRole added some fields to mark the RoleTemplate that aggregates this WorkspaceRole
  • Role added some fields to mark the RoleTemplate that aggregates this Role
  • ClusterRole added some fields to mark the RoleTemplate that aggregates this ClusterRole
  • GlobalRole added some fields to mark the RoleTemplate that aggregates this GlobalRole

Which issue(s) this PR fixes:

Fixes #

Special notes for reviewers:

Does this PR introduced a user-facing change?

Add new api version iam v1beta1

@ks-ci-bot ks-ci-bot added kind/feature Categorizes issue or PR as related to a new feature. do-not-merge/release-note-label-needed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 21, 2022
@zhou1203
Copy link
Member Author

/cc @wansir

@ks-ci-bot ks-ci-bot requested a review from wansir July 21, 2022 03:30
@zhou1203
Copy link
Member Author

/retest

@zhou1203 zhou1203 changed the title Add RoleTemplate CRD [WIP] Add RoleTemplate CRD Jul 21, 2022
@ks-ci-bot ks-ci-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 21, 2022
@zhou1203 zhou1203 changed the title [WIP] Add RoleTemplate CRD Add RoleTemplate CRD Jul 25, 2022
@ks-ci-bot ks-ci-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jul 25, 2022
@zhou1203
Copy link
Member Author

/kind api-change

@ks-ci-bot ks-ci-bot added the kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API label Jul 27, 2022
@zhou1203
Copy link
Member Author

/assign @wansir

@zhou1203 zhou1203 mentioned this pull request Aug 9, 2022
Open
@zhou1203 zhou1203 changed the title Add RoleTemplate CRD [WIP]Add RoleTemplate CRD Aug 31, 2022
@ks-ci-bot ks-ci-bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 31, 2022
@zhou1203 zhou1203 force-pushed the roletemplate branch 2 times, most recently from 61edab8 to 3eed589 Compare September 5, 2022 03:21
@zhou1203 zhou1203 changed the title [WIP]Add RoleTemplate CRD Add RoleTemplate CRD Sep 26, 2022
@ks-ci-bot ks-ci-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 26, 2022
@zhou1203 zhou1203 requested a review from wansir December 2, 2022 10:17
wansir
wansir reviewed Jan 11, 2023
View reviewed changes
staging/src/kubesphere.io/api/iam/v1alpha2/roletemplate_type.go Outdated
Comment on lines 27 to 34
type RoleTemplate struct {
metav1.TypeMeta `json:",inline"`

// +optional
metav1.ObjectMeta `json:"metadata,omitempty"`

Spec RoleTemplateSpec `json:"spec"`
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

apiVersion: iam.kubesphere.io/v1alpha2
kind: RoleTemplate
metadata:
  name: global-view-clusters
  labels:
    scope.iam.kubesphere.io/global: ""
    iam.kubesphere.io/category: 'cluster-management'
spec:
  displayName:
    zh-CN: '集群查看'
    en: 'View Clusters'
  description:
    zh-CN: '平台中所有集群下资源的查看权限'
  rules:
    - apiGroups:
        - '*'
      resources:
        - clusters
      verbs:
        - get
        - list

@ks-ci-bot ks-ci-bot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 12, 2023
@zhou1203
Copy link
Member Author

/retest

@ks-ci-bot ks-ci-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Jan 17, 2023
@zhou1203
add iam v1beta1 type
dcdce72 
Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com>
@zhou1203
update type register
4023604 
Signed-off-by: wenhaozhou <wenhaozhou@yunify.com>
@wansir
Copy link
Member

wansir commented Jan 18, 2023

/lgtm
/approve

@ks-ci-bot ks-ci-bot added the lgtm Indicates that a PR is ready to be merged. label Jan 18, 2023
@ks-ci-bot
Copy link
Collaborator

LGTM label has been added.

Git tree hash: 3f9877d06eabc63b1a7b2c3fa0ddb0af037bb842

@ks-ci-bot ks-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 18, 2023
@zhou1203 zhou1203 requested review from wansir and removed request for wansir January 18, 2023 03:23
@wansir wansir merged commit cd109ec into kubesphere:master Jan 18, 2023
@ks-ci-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wansir, zhou1203

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

sologgfun pushed a commit to sologgfun/kubesphere that referenced this pull request Apr 24, 2023
@zhou1203 @sologgfun
Add RoleTemplate CRD (kubesphere#5080)
6ad84aa 
* add iam v1beta1 type

Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com>

* update type register

Signed-off-by: wenhaozhou <wenhaozhou@yunify.com>

Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com>
Signed-off-by: wenhaozhou <wenhaozhou@yunify.com>
wanjunlei pushed a commit to wanjunlei/kubesphere that referenced this pull request Aug 11, 2023
@zhou1203 @wanjunlei
Add RoleTemplate CRD (kubesphere#5080)
50b7cb1 
* add iam v1beta1 type

Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com>

* update type register

Signed-off-by: wenhaozhou <wenhaozhou@yunify.com>

Signed-off-by: Wenhao Zhou <wenhaozhou@yunify.com>
Signed-off-by: wenhaozhou <wenhaozhou@yunify.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wansir wansir wansir approved these changes

Assignees

@wansir wansir

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. release-note size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@zhou1203 @wansir @ks-ci-bot