migrate legacy API

Signed-off-by: hongming <talonwan@yunify.com>
2020-04-20 07:01:43 +08:00
parent 3f89eaef7e
commit 7db2ba662c
103 changed files with 5962 additions and 2363 deletions
--- a/config/samples/iam_v1alpha2_globalrole.yaml
+++ b/config/samples/iam_v1alpha2_globalrole.yaml
@@ -0,0 +1,14 @@
+apiVersion: iam.kubesphere.io/v1alpha2
+kind: GlobalRole
+metadata:
+  labels:
+    controller-tools.k8s.io: "1.0"
+  name: global-admin
+rules:
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - '*'
+
--- a/config/samples/iam_v1alpha2_globalrolebinding.yaml
+++ b/config/samples/iam_v1alpha2_globalrolebinding.yaml
@@ -1,14 +1,14 @@
 apiVersion: iam.kubesphere.io/v1alpha2
-kind: RoleBinding
+kind: GlobalRoleBinding
 metadata:
  labels:
    controller-tools.k8s.io: "1.0"
-  name: cluster-admin
-scope: Global
+    iam.kubesphere.io/single-user-bind: admin
+  name: admin
 roleRef:
  apiGroup: iam.kubesphere.io/v1alpha2
-  kind: Role
-  name: cluster-admin
+  kind: GlobalRole
+  name: global-admin
 subjects:
  - apiGroup: iam.kubesphere.io/v1alpha2
    kind: User
--- a/config/samples/iam_v1alpha2_policyrule.yaml
+++ b/config/samples/iam_v1alpha2_policyrule.yaml
@@ -1,55 +0,0 @@
-apiVersion: iam.kubesphere.io/v1alpha2
-kind: PolicyRule
-metadata:
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: always-allow
-scope: Global
-rego: 'package authz\ndefault allow = true'
-
---
-
-apiVersion: iam.kubesphere.io/v1alpha2
-kind: PolicyRule
-metadata:
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: always-deny
-scope: Global
-rego: ｜
-  package authz
-  default allow = false
-
---
-
-apiVersion: iam.kubesphere.io/v1alpha2
-kind: PolicyRule
-metadata:
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: cluster-manage
-scope: Global
-rego: ｜
-  package authz
-  default allow = false
-  allow {
-    input.Resource == 'clusters'
-  }
-
---
-
-apiVersion: iam.kubesphere.io/v1alpha2
-kind: PolicyRule
-metadata:
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: some-namespace-manage
-scope: Namespace
-rego: ｜
-  package authz
-  default allow = false
-  allow {
-  input.Resource == 'clusters'
-  }
-
-
--- a/config/samples/iam_v1alpha2_role.yaml
+++ b/config/samples/iam_v1alpha2_role.yaml
@@ -1,30 +0,0 @@
-apiVersion: iam.kubesphere.io/v1alpha2
-kind: Role
-metadata:
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: cluster-admin
-target:
-  scope: Global
-  name: ''
-rules:
-  - apiGroup: iam.kubesphere.io/v1alpha2
-    kind: PolicyRule
-    name: always-allow
-
---
-
-apiVersion: iam.kubesphere.io/v1alpha2
-kind: Role
-metadata:
-  labels:
-    controller-tools.k8s.io: "1.0"
-  name: anonymous
-target:
-  scope: Global
-  name: ''
-rules:
-  - apiGroup: iam.kubesphere.io/v1alpha2
-    kind: PolicyRule
-    name: always-deny
-