admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b0d2bdbc19cffbc45d85cc9de53f415f95aeb805
kubesphere/pkg/models/iam/policy/policy.go
hongming ed224612bc fix: runtime release 
Signed-off-by: hongming <talonwan@yunify.com>
2019-05-17 15:24:59 +08:00

1089 lines
26 KiB
Go
Raw Blame History

/*
Copyright 2019 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package policy
import (
"encoding/json"
"io/ioutil"
"kubesphere.io/kubesphere/pkg/models"
"k8s.io/api/rbac/v1"
)
const (
rulesConfigPath = "/etc/kubesphere/rules/rules.json"
clusterRulesConfigPath = "/etc/kubesphere/rules/clusterrules.json"
)
func init() {
rulesConfig, err := ioutil.ReadFile(rulesConfigPath)
if err == nil {
config := &[]models.Rule{}
json.Unmarshal(rulesConfig, config)
if len(*config) > 0 {
RoleRuleMapping = *config
}
}
clusterRulesConfig, err := ioutil.ReadFile(clusterRulesConfigPath)
if err == nil {
config := &[]models.Rule{}
json.Unmarshal(clusterRulesConfig, config)
if len(*config) > 0 {
ClusterRoleRuleMapping = *config
}
}
}
var (
ClusterRoleRuleMapping = []models.Rule{
{Name: "workspaces",
Actions: []models.Action{
{
Name: "manage",
Rules: []v1.PolicyRule{
{
Verbs: []string{"*"},
APIGroups: []string{"*"},
Resources: []string{"workspaces", "workspaces/*"},
},
},
},
},
},
{
Name: "monitoring",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{{
Verbs: []string{"get", "list"},
APIGroups: []string{"monitoring.kubesphere.io"},
Resources: []string{"*"},
}, {
Verbs: []string{"get", "list"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"health"},
}},
},
},
},
{
Name: "alerting",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{{
Verbs: []string{"get", "list"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
{Name: "create",
Rules: []v1.PolicyRule{{
Verbs: []string{"create"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
{Name: "delete",
Rules: []v1.PolicyRule{{
Verbs: []string{"delete"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
},
},
{
Name: "logging",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{{
Verbs: []string{"get", "list"},
APIGroups: []string{"logging.kubesphere.io"},
Resources: []string{"*"},
}},
},
},
},
{
Name: "accounts",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "watch", "list"},
APIGroups: []string{"iam.kubesphere.io"},
Resources: []string{"users", "users/*"},
},
{
Verbs: []string{"get"},
APIGroups: []string{"iam.kubesphere.io"},
Resources: []string{"rulesmapping"},
ResourceNames: []string{"clusterroles"},
},
{
Verbs: []string{"get", "watch", "list"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"clusterrolebindings"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create", "get", "list"},
APIGroups: []string{"iam.kubesphere.io"},
Resources: []string{"users"},
},
{
Verbs: []string{"get"},
APIGroups: []string{"iam.kubesphere.io"},
Resources: []string{"clusterrules"},
ResourceNames: []string{"mapping"},
},
{
Verbs: []string{"create", "delete", "deletecollection"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"clusterrolebindings"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list", "update", "patch"},
APIGroups: []string{"iam.kubesphere.io"},
Resources: []string{"users"},
},
{
Verbs: []string{"create", "delete", "deletecollection"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"clusterrolebindings"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete", "deletecollection"},
APIGroups: []string{"iam.kubesphere.io"},
Resources: []string{"users"},
},
},
},
},
}, {
Name: "roles",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "watch", "list"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"clusterroles"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{"iam.kubesphere.io"},
Resources: []string{"clusterroles", "clusterroles/*"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"clusterroles"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"clusterroles"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete", "deletecollection"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"clusterroles"},
},
},
},
},
}, {
Name: "storageclasses",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "watch", "list"},
APIGroups: []string{"storage.k8s.io"},
Resources: []string{"storageclasses"},
}, {
Verbs: []string{"get", "list"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"storageclasses", "storageclasses/*"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"storage.k8s.io"},
Resources: []string{"storageclasses"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"storage.k8s.io"},
Resources: []string{"storageclasses"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete", "deletecollection"},
APIGroups: []string{"storage.k8s.io"},
Resources: []string{"storageclasses"},
},
},
},
},
}, {
Name: "nodes",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "watch", "list"},
APIGroups: []string{""},
Resources: []string{"nodes", "events"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"nodes", "nodes/*"},
}, {
Verbs: []string{"get", "list"},
APIGroups: []string{"monitoring.kubesphere.io"},
Resources: []string{"nodes"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{""},
Resources: []string{"nodes"},
},
},
},
},
}, {
Name: "repos",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "watch", "list"},
APIGroups: []string{"openpitrix.io"},
Resources: []string{"repos"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"openpitrix.io"},
Resources: []string{"repos"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"openpitrix.io"},
Resources: []string{"repos"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete", "deletecollection"},
APIGroups: []string{"openpitrix.io"},
Resources: []string{"repos"},
},
},
},
},
}, {
Name: "apps",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"openpitrix.io"},
Resources: []string{"apps", "clusters", "repos", "app_versions", "app_version/*"},
},
},
},
},
}, {
Name: "components",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"list", "get"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"components", "components/*"},
},
},
},
},
}}
RoleRuleMapping = []models.Rule{{
Name: "projects",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get"},
APIGroups: []string{"*"},
Resources: []string{"namespaces"},
},
{
Verbs: []string{"list"},
APIGroups: []string{"*"},
Resources: []string{"events"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{""},
Resources: []string{"namespaces"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{""},
Resources: []string{"namespaces"},
},
},
},
},
},
{
Name: "monitoring",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{{
Verbs: []string{"get", "list"},
APIGroups: []string{"monitoring.kubesphere.io"},
Resources: []string{"*"},
}, {
Verbs: []string{"get", "list"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"health"},
}},
},
},
},
{
Name: "alerting",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{{
Verbs: []string{"get", "list"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
{Name: "create",
Rules: []v1.PolicyRule{{
Verbs: []string{"create"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
{Name: "delete",
Rules: []v1.PolicyRule{{
Verbs: []string{"delete"},
APIGroups: []string{"alerting.kubesphere.io"},
Resources: []string{"*"},
}},
},
},
},
{
Name: "members",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"rbac.authorization.k8s.io", "resources.kubesphere.io"},
Resources: []string{"rolebindings"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{"iam.kubesphere.io"},
Resources: []string{"users"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"rolebindings"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "watch", "list", "create", "update", "patch"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"rolebindings"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"rolebindings"},
},
},
},
},
},
{
Name: "roles",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"rbac.authorization.k8s.io", "resources.kubesphere.io"},
Resources: []string{"roles"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"roles"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"patch", "update"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"roles"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"rbac.authorization.k8s.io"},
Resources: []string{"roles"},
},
},
},
},
},
{
Name: "deployments",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"apps", "extensions", "resources.kubesphere.io"},
Resources: []string{"deployments", "deployments/scale"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{""},
Resources: []string{"pods", "pods/*"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"apps", "extensions"},
Resources: []string{"deployments"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"apps", "extensions"},
Resources: []string{"deployments", "deployments/*"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"apps", "extensions"},
Resources: []string{"deployments"},
},
},
},
{Name: "scale",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"apps", "extensions"},
Resources: []string{"deployments/scale"},
},
},
},
},
}, {
Name: "statefulsets",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"apps", "resources.kubesphere.io"},
Resources: []string{"statefulsets"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{""},
Resources: []string{"pods", "pods/*"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"apps"},
Resources: []string{"statefulsets"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"apps"},
Resources: []string{"statefulsets"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"apps"},
Resources: []string{"statefulsets"},
},
},
},
{Name: "scale",
Rules: []v1.PolicyRule{
{
Verbs: []string{"patch"},
APIGroups: []string{"apps"},
Resources: []string{"statefulsets"},
},
},
},
},
}, {
Name: "daemonsets",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"apps", "extensions", "resources.kubesphere.io"},
Resources: []string{"daemonsets"},
},
{
Verbs: []string{"get", "list"},
APIGroups: []string{""},
Resources: []string{"pods", "pods/*"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"apps", "extensions"},
Resources: []string{"daemonsets"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"apps", "extensions"},
Resources: []string{"daemonsets"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"apps", "extensions"},
Resources: []string{"daemonsets"},
},
},
},
},
}, {
Name: "pods",
Actions: []models.Action{
{Name: "terminal",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get"},
APIGroups: []string{"terminal.kubesphere.io"},
Resources: []string{"pods"},
},
},
},
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"pods"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"*"},
Resources: []string{"pods"},
},
},
},
},
},
{
Name: "services",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"list", "get"},
APIGroups: []string{"", "resources.kubesphere.io"},
Resources: []string{"services"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{""},
Resources: []string{"services"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{""},
Resources: []string{"services"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{""},
Resources: []string{"services"},
},
},
},
},
},
{
Name: "internet",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"router"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"router"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"router"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"resources.kubesphere.io"},
Resources: []string{"router"},
},
},
},
},
},
{
Name: "routes",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"extensions", "resources.kubesphere.io"},
Resources: []string{"ingresses"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"extensions"},
Resources: []string{"ingresses"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"extensions"},
Resources: []string{"ingresses"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"extensions"},
Resources: []string{"ingresses"},
},
},
},
},
}, {
Name: "volumes",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"", "resources.kubesphere.io"},
Resources: []string{"persistentvolumeclaims"},
},
},
},
{Name: "create",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{""},
Resources: []string{"persistentvolumeclaims"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{""},
Resources: []string{"persistentvolumeclaims"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{""},
Resources: []string{"persistentvolumeclaims"},
},
},
},
},
}, {
Name: "applications",
Actions: []models.Action{
{Name: "view",
Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"resources.kubesphere.io", "app.k8s.io"},
Resources: []string{"applications"},
}, {
Verbs: []string{"get", "list"},
APIGroups: []string{"servicemesh.kubesphere.io"},
Resources: []string{"*"},
},
{
Verbs: []string{"list"},
APIGroups: []string{"openpitrix.io"},
Resources: []string{"repos", "app_versions"},
}, {
Verbs: []string{"get"},
APIGroups: []string{"openpitrix.io"},
Resources: []string{"app_version/*"},
},
},
},
{Name: "edit",
Rules: []v1.PolicyRule{
{
Verbs: []string{"create", "update", "patch"},
APIGroups: []string{"resources.kubesphere.io", "app.k8s.io"},
Resources: []string{"applications"},
}, {
Verbs: []string{"create", "update", "patch"},
APIGroups: []string{"servicemesh.kubesphere.io"},
Resources: []string{"*"},
},
},
},
{Name: "delete",
Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"resources.kubesphere.io", "app.k8s.io"},
Resources: []string{"applications"},
},
{
Verbs: []string{"delete"},
APIGroups: []string{"servicemesh.kubesphere.io"},
Resources: []string{"*"},
},
},
},
},
},
{
Name: "jobs",
Actions: []models.Action{
{Name: "view", Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"batch", "resources.kubesphere.io"},
Resources: []string{"jobs"},
},
}},
{Name: "create", Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"batch"},
Resources: []string{"jobs"},
},
}},
{Name: "edit", Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"batch"},
Resources: []string{"jobs"},
},
}},
{Name: "delete", Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"batch"},
Resources: []string{"jobs"},
},
}},
},
},
{
Name: "cronjobs",
Actions: []models.Action{
{Name: "view", Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"batch", "resources.kubesphere.io"},
Resources: []string{"cronjobs"},
},
}},
{Name: "create", Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{"batch"},
Resources: []string{"cronjobs"},
},
}},
{Name: "edit", Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{"batch"},
Resources: []string{"cronjobs"},
},
}},
{Name: "delete", Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{"batch"},
Resources: []string{"cronjobs"},
},
}},
},
},
{
Name: "secrets",
Actions: []models.Action{
{Name: "view", Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"", "resources.kubesphere.io"},
Resources: []string{"secrets"},
},
}},
{Name: "create", Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{""},
Resources: []string{"secrets"},
},
}},
{Name: "edit", Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{""},
Resources: []string{"secrets"},
},
}},
{Name: "delete", Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{""},
Resources: []string{"secrets"},
},
}},
},
},
{
Name: "configmaps",
Actions: []models.Action{
{Name: "view", Rules: []v1.PolicyRule{
{
Verbs: []string{"get", "list"},
APIGroups: []string{"", "resources.kubesphere.io"},
Resources: []string{"configmaps"},
},
}},
{Name: "create", Rules: []v1.PolicyRule{
{
Verbs: []string{"create"},
APIGroups: []string{""},
Resources: []string{"configmaps"},
},
}},
{Name: "edit", Rules: []v1.PolicyRule{
{
Verbs: []string{"update", "patch"},
APIGroups: []string{""},
Resources: []string{"configmaps"},
},
}},
{Name: "delete", Rules: []v1.PolicyRule{
{
Verbs: []string{"delete"},
APIGroups: []string{""},
Resources: []string{"configmaps"},
},
}},
},
},
}
)
Reference in New Issue View Git Blame Copy Permalink