-
Notifications
You must be signed in to change notification settings - Fork 243
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In role creation form, group resources by API group and scope #4888
Comments
Specifically, at least For project roles, all the cluster management/Norman resources should be filtered out, because a project role shouldn't need anything at the global scope. |
QA TemplateRoot causeThe group of resources was a flat list which placed the burden on the user to go and google the resource or look up documentation if they wanted to find out the API group that corresponded to a certain resource. What was fixed, or what changes have occurredThe resource list is no longer flat. It has been replaced with a nested object that has global, cluster and namespace scopes, and inside each scope it has each API group in that scope, and inside each API group are the resources that go inside the group. The UI now uses that nested structure to figure out whether to show global or cluster scoped resources in the role creation forms, and it also uses that nested structure to figure out which API group should be auto-populated when you select a resource. Areas or cases that should be testedTo test that the resources are grouped by their API group,
For verifying the scope, there are five forms to look at. 1. Global role creation formThis is at Users & Authentication > Roles > Global > Create Global Role. It should have global, cluster and project scoped resources. 2. Cluster role creation formThis is at Users & Authentication > Roles > Cluster > Create Cluster Role. The resources options there should have cluster- and namespace-scoped resources, but no global resources. 3. Project role creation formThis is at Users & Authentication > Roles > Project/Namespaces > Create Project/Namespace Role. The resources options there should have only namespace-scoped resources, no cluster or global resources. 4. Kubernetes Role resource creation formThis is at Cluster Explorer > More Resources > RBAC > Roles. The resources options there should have only namespace-scoped resources, no cluster or global resources. 5. Kubernetes ClusterRole resource creation formThis is at Cluster Explorer > More Resources > RBAC > ClusterRoles. The resources options there should have cluster- and namespace-scoped resources, no global resources. What areas could experience regressions?Editing/creating roles, role detail pages Are the repro steps accurate/minimal?This is more of an enhancement, so there aren't repro steps. |
Confirmed with @catherineluse and @gaktive to add |
✅ PASSEDReproduction EnvironmentNot required.Validation Environment
Validation stepsGlobal role creation form
Additional InfoRESULTS✅ ExpectedExpect for this drop down to be grouped in a logical order ✅ActualThe drop down is grouped in a logical order Additional Tests
|
Per customer feedback in docs issue #2698. @gaktive
Reference: Rancher Resource dropdown under Project Role.
Per feedback from @cbron and @catherineluse, please filter out deprecated resources, group related items, and/or provide guidance within the UI for anything ambiguous. Docs can annotate what the resources are and what the source is, but based on feedback, the greater concern is making sure users understand what accesses they should be granting under these.
The 2.6.x equivalent is:
![Screen Shot 2022-01-31 at 5 25 31 PM](https://user-images.githubusercontent.com/20599230/152012340-919d9ca4-fe13-4ffb-a012-a7588d2998b2.png)
gz#12301
SURE-2434
The text was updated successfully, but these errors were encountered: