admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hide internal user

Browse Source 
Signed-off-by: hongming <talonwan@yunify.com>
This commit is contained in:
hongming
2019-04-28 12:22:07 +08:00
committed by zryfish
parent 9a530c2cec
commit ebd681770e
9 changed files with 186 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
pkg/models/iam/policy/policy.go
View File

@@ -60,47 +60,13 @@ var (
{Name: "workspaces",
Actions: []models.Action{
{
Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"tenant.kubesphere.io"},
Resources: []string{"workspaces"},
},
},
},
{
Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"tenant.kubesphere.io"},
Resources: []string{"workspaces"},
},
},
},
{Name: "edit",
Name: "manager",
Rules: []v1.PolicyRule{
{
Verbs: []string{"*"},
APIGroups: []string{"tenant.kubesphere.io", "monitoring.kubesphere.io"},
APIGroups: []string{"*"},
Resources: []string{"workspaces", "workspaces/*"},
},
{
Verbs: []string{"*"},
APIGroups: []string{""},
Resources: []string{"namespaces"},
},
{
Verbs: []string{"*"},
APIGroups: []string{"", "apps", "extensions", "batch", "resources.kubesphere.io"},
Resources: []string{"serviceaccounts", "limitranges", "deployments", "configmaps", "secrets", "jobs", "cronjobs", "persistentvolumeclaims", "statefulsets", "daemonsets", "ingresses", "services", "pods/*", "pods", "events", "deployments/scale"},
},
{
Verbs: []string{"*"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"rolebindings", "roles"},
},
},
},
},
@@ -121,6 +87,32 @@ var (
},
},
},
{
Name: "alerting",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{{
Verbs: []string{"get", "list"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
{Name: "create",
Rules: []v1.PolicyRule{{
Verbs: []string{"create"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
{Name: "delete",
Rules: []v1.PolicyRule{{
Verbs: []string{"delete"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
},
},
{
Name: "logging",
Actions: []models.Action{
@@ -210,12 +202,6 @@ var (
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"clusterroles"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{"kubesphere.io"},
ResourceNames: []string{"cluster-roles"},
Resources: []string{"resources"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{"iam.kubesphere.io"},
@@ -411,12 +397,12 @@ var (
Rules: []v1.PolicyRule{
{
Verbs: []string{"get"},
APIGroups: []string{""},
APIGroups: []string{"*"},
Resources: []string{"namespaces"},
},
{
Verbs: []string{"list"},
APIGroups: []string{""},
APIGroups: []string{"*"},
Resources: []string{"events"},
},
},
@@ -441,6 +427,49 @@ var (
},
},
},
{
Name: "monitoring",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{{
Verbs: []string{"get", "list"},
APIGroups: []string{"monitoring.kubesphere.io"},
Resources: []string{"*"},
}, {
Verbs: []string{"get", "list"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"health"},
}},
},
},
},
{
Name: "alerting",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{{
Verbs: []string{"get", "list"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
{Name: "create",
Rules: []v1.PolicyRule{{
Verbs: []string{"create"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
{Name: "delete",
Rules: []v1.PolicyRule{{
Verbs: []string{"delete"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
},
},
{
Name: "members",
Actions: []models.Action{