From 98bb8aa10503f7e917914dcdf024593d17554463 Mon Sep 17 00:00:00 2001
From: rmweir
Date: Mon, 28 Oct 2019 11:00:06 -0700
Subject: [PATCH 1/2] Allow all methods for global role and add builtin Allow methods are now technically possible for global roles and RBAC will be used to define each user's permissions for them. The builtin field has been added to distinguish between rancher created and user created global roles. This is comparable to role templates.
---
 apis/management.cattle.io/v3/authz_types.go | 7 ++++---
 apis/management.cattle.io/v3/schema/schema.go | 5 +----
 2 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/apis/management.cattle.io/v3/authz_types.go b/apis/management.cattle.io/v3/authz_types.go
index dc59ac9f..af410e32 100644
--- a/apis/management.cattle.io/v3/authz_types.go
+++ b/apis/management.cattle.io/v3/authz_types.go
@@ -63,10 +63,11 @@ type GlobalRole struct {
 metav1.TypeMeta `json:",inline"`
 metav1.ObjectMeta `json:"metadata,omitempty"`
- DisplayName string `json:"displayName,omitempty" norman:"required,noupdate"`
- Description string `json:"description" norman:"noupdate"`
- Rules []rbacv1.PolicyRule `json:"rules,omitempty" norman:"noupdate"`
+ DisplayName string `json:"displayName,omitempty" norman:"required"`
+ Description string `json:"description"`
+ Rules []rbacv1.PolicyRule `json:"rules,omitempty"`
 NewUserDefault bool `json:"newUserDefault,omitempty" norman:"required"`
+ Builtin bool `json:"builtin" norman:"nocreate,noupdate"`
 }
 type GlobalRoleBinding struct {
diff --git a/apis/management.cattle.io/v3/schema/schema.go b/apis/management.cattle.io/v3/schema/schema.go
index 5ee2e836..edefc27e 100644
--- a/apis/management.cattle.io/v3/schema/schema.go
+++ b/apis/management.cattle.io/v3/schema/schema.go
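Review bot: Dropping `noupdate` from `Rules` makes the rule set of every GlobalRole writable, including roles that carry `Builtin: true`, and nothing in this hunk stops a caller who holds update on global roles from adding rules broader than the ones they already have. Kubernetes' own RBAC escalation check covers Role and ClusterRole objects, so it presumably does not apply to this custom type; an equivalent check, and a refusal to edit the rules of built-in roles, would have to live in a validator or store that this diff does not show, which is worth confirming before merge. The new field should also be documented, e.g. `// Builtin marks a role created by Rancher rather than by a user; norman rejects it on create and update.`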
@@ -308,10 +308,7 @@ func authzTypes(schemas *types.Schemas) *types.Schemas {
 },
 }
 }).
- MustImportAndCustomize(&Version, v3.GlobalRole{}, func(schema *types.Schema) {
- schema.CollectionMethods = []string{http.MethodGet}
- schema.ResourceMethods = []string{http.MethodGet, http.MethodPut}
- }).
+ MustImport(&Version, v3.GlobalRole{}).
 MustImport(&Version, v3.GlobalRoleBinding{}).
 MustImport(&Version, v3.RoleTemplate{}).
 MustImport(&Version, v3.PodSecurityPolicyTemplate{}).
From cfe871c1a7e51e211cf8eb26c6919d1c86871325 Mon Sep 17 00:00:00 2001
From: rmweir
Date: Mon, 11 Nov 2019 18:33:31 -0700
Subject: [PATCH 2/2] go generate
---
 client/management/v3/zz_generated_global_role.go | 2 ++
 compose/zz_generated_compose.go | 1 +
 2 files changed, 3 insertions(+)
diff --git a/client/management/v3/zz_generated_global_role.go b/client/management/v3/zz_generated_global_role.go
index 85a8c4d7..fa43e1f3 100644
--- a/client/management/v3/zz_generated_global_role.go
+++ b/client/management/v3/zz_generated_global_role.go
@@ -7,6 +7,7 @@ import ( const ( GlobalRoleType = "globalRole" GlobalRoleFieldAnnotations = "annotations" + GlobalRoleFieldBuiltin = "builtin" GlobalRoleFieldCreated = "created" GlobalRoleFieldCreatorID = "creatorId" GlobalRoleFieldDescription = "description"
@@ -22,6 +23,7 @@ const ( type GlobalRole struct { types.Resource Annotations map[string]string `json:"annotations,omitempty" yaml:"annotations,omitempty"` + Builtin bool `json:"builtin,omitempty" yaml:"builtin,omitempty"` Created string `json:"created,omitempty" yaml:"created,omitempty"` CreatorID string `json:"creatorId,omitempty" yaml:"creatorId,omitempty"` Description string `json:"description,omitempty" yaml:"description,omitempty"`
diff --git a/compose/zz_generated_compose.go b/compose/zz_generated_compose.go
index 098c65a3..794445bb 100644
--- a/compose/zz_generated_compose.go
+++ b/compose/zz_generated_compose.go
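Review bot: With the customize callback gone, `globalRole` presumably falls back to the schema's default method set, so collection POST and resource DELETE become reachable where only GET and PUT were before, for built-in roles as much as for user-created ones. The commit message defers authorization to RBAC, but a verb granted on the whole resource type covers built-in and custom roles alike; if built-in roles must not be deleted, that needs an explicit guard keyed on `Builtin`, which is not visible in this diff. At minimum the import should say where the protection lives, e.g. `// GlobalRole: all methods enabled; access is gated by RBAC, built-in roles are protected in <validator or store, placeholder>`. The `authzTypes` call chain starts and ends outside this hunk.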
@@ -15,6 +15,7 @@ type Config struct { NodeDrivers map[string]managementClient.NodeDriver `json:"nodeDrivers,omitempty" yaml:"nodeDrivers,omitempty"` NodeTemplates map[string]managementClient.NodeTemplate `json:"nodeTemplates,omitempty" yaml:"nodeTemplates,omitempty"` Projects map[string]managementClient.Project `json:"projects,omitempty" yaml:"projects,omitempty"` + GlobalRoles map[string]managementClient.GlobalRole `json:"globalRoles,omitempty" yaml:"globalRoles,omitempty"` GlobalRoleBindings map[string]managementClient.GlobalRoleBinding `json:"globalRoleBindings,omitempty" yaml:"globalRoleBindings,omitempty"` RoleTemplates map[string]managementClient.RoleTemplate `json:"roleTemplates,omitempty" yaml:"roleTemplates,omitempty"` PodSecurityPolicyTemplates map[string]managementClient.PodSecurityPolicyTemplate `json:"podSecurityPolicyTemplates,omitempty" yaml:"podSecurityPolicyTemplates,omitempty"`