From 7746d46d672f3811e95b1629db079a046dd4f8a5 Mon Sep 17 00:00:00 2001
From: rajashree
Date: Mon, 4 Feb 2019 10:27:42 -0800
Subject: [PATCH] RBAC changes for globalDNS and multiclusterapp 1.Change member access types to match project/cluster roles: owner,member,read-only 2.Make projectIDs non updatable for globalDNS and multiclusterapp, add actions to update them 3.Make multiclusterappID non updatable for globalDNS, add action to update it 4.Add roles to multiclusterapp that reference roleTemplates
---
 apis/management.cattle.io/v3/globaldns_types.go | 6 +++++-
 .../management.cattle.io/v3/multi_cluster_app.go | 10 ++++++++--
 apis/management.cattle.io/v3/schema/schema.go | 16 ++++++++++++++++
 3 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/apis/management.cattle.io/v3/globaldns_types.go b/apis/management.cattle.io/v3/globaldns_types.go
index 5678c630..34bb9137 100644
--- a/apis/management.cattle.io/v3/globaldns_types.go
+++ b/apis/management.cattle.io/v3/globaldns_types.go
@@ -19,7 +19,7 @@ type GlobalDNS struct {
 type GlobalDNSSpec struct {
 FQDN string `json:"fqdn,omitempty" norman:"required"`
- ProjectNames []string `json:"projectNames" norman:"type=array[reference[project]]"`
+ ProjectNames []string `json:"projectNames" norman:"type=array[reference[project]],noupdate"`
 MultiClusterAppName string `json:"multiClusterAppName,omitempty" norman:"type=reference[multiClusterApp]"`
 ProviderName string `json:"providerName,omitempty" norman:"type=reference[globalDnsProvider],required"`
 Members []Member `json:"members,omitempty"`
@@ -57,3 +57,7 @@ type CloudflareProviderConfig struct {
 APIKey string `json:"apiKey" norman:"notnullable,required,minLength=1,type=password"`
 APIEmail string `json:"apiEmail" norman:"notnullable,required,minLength=1"`
 }
+
+type UpdateGlobalDNSTargetsInput struct {
+ ProjectNames []string `json:"projectNames" norman:"type=array[reference[project]]"`
+}
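Review bot: `MultiClusterAppName` in `GlobalDNSSpec` is still updatable: the context line right below the changed `ProjectNames` keeps `norman:"type=reference[multiClusterApp]"` with no `noupdate`, although item 3 of the commit message says this reference becomes non-updatable and gets its own action. As written, a plain update of a GlobalDNS can still repoint it at a different multiClusterApp without passing through an action handler, which is presumably where access to the target would be checked. Consider `norman:"type=reference[multiClusterApp],noupdate"`. The `globalDNSTypes` hunk in schema.go likewise registers only `addProjects` and `removeProjects`, so the matching action appears to be missing as well, unless it lands in a follow-up change.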
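Review bot: `UpdateGlobalDNSTargetsInput.ProjectNames` is not marked `required`, while `Projects` in `UpdateMultiClusterAppTargetsInput` (multi_cluster_app.go) is, so an `addProjects` or `removeProjects` call with an empty body would pass schema validation and reach the handler. Suggest `norman:"type=array[reference[project]],required"` for parity. The new exported type also has no doc comment; `// UpdateGlobalDNSTargetsInput is the input of the addProjects and removeProjects actions on GlobalDNS.` would cover it.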
diff --git a/apis/management.cattle.io/v3/multi_cluster_app.go b/apis/management.cattle.io/v3/multi_cluster_app.go
index 039a45e6..cce6b33c 100644
--- a/apis/management.cattle.io/v3/multi_cluster_app.go
+++ b/apis/management.cattle.io/v3/multi_cluster_app.go
@@ -28,8 +28,9 @@ type MultiClusterApp struct {
 type MultiClusterAppSpec struct {
 TemplateVersionName string `json:"templateVersionName,omitempty" norman:"type=reference[templateVersion],required"`
 Answers []Answer `json:"answers,omitempty"`
- Targets []Target `json:"targets,omitempty" norman:"required"`
+ Targets []Target `json:"targets,omitempty" norman:"required,noupdate"`
 Members []Member `json:"members,omitempty"`
+ Roles []string `json:"roles,omitempty" norman:"type=array[reference[roleTemplate]]"`
 RevisionHistoryLimit int `json:"revisionHistoryLimit,omitempty" norman:"default=10"`
 UpgradeStrategy UpgradeStrategy `json:"upgradeStrategy,omitempty"`
 }
@@ -56,7 +57,7 @@ type Member struct {
 UserPrincipalName string `json:"userPrincipalName,omitempty" norman:"type=reference[principal]"`
 DisplayName string `json:"displayName,omitempty"`
 GroupPrincipalName string `json:"groupPrincipalName,omitempty" norman:"type=reference[principal]"`
- AccessType string `json:"accessType,omitempty" norman:"type=enum,options=all|readonly|update"`
+ AccessType string `json:"accessType,omitempty" norman:"type=enum,options=owner|member|read-only"`
 }
 type UpgradeStrategy struct {
@@ -80,3 +81,8 @@ type MultiClusterAppRevision struct {
 type MultiClusterAppRollbackInput struct {
 RevisionName string `json:"revisionName,omitempty" norman:"type=reference[multiClusterAppRevision]"`
 }
+
+type UpdateMultiClusterAppTargetsInput struct {
+ Projects []string `json:"projects" norman:"type=array[reference[project]],required"`
+ Answers []Answer `json:"answers" norman:"type=array[reference[answer]]"`
+}
diff --git a/apis/management.cattle.io/v3/schema/schema.go b/apis/management.cattle.io/v3/schema/schema.go
index 01493d72..50956d18 100644
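Review bot: The new `Roles` field in `MultiClusterAppSpec` accepts any roleTemplate reference and, unlike `Targets`, stays editable through a normal update, so whoever can create or update a MultiClusterApp chooses the roles attached to it. Nothing in this hunk restricts the list to roles the caller already holds in the target projects, or to project-scoped templates; if that check exists it is outside this diff and should be confirmed before merge, since otherwise the field is a privilege-escalation path. At minimum state the contract on the field, e.g. `// Roles lists the roleTemplates the app runs with in its target projects; the API layer must reject roles the caller does not hold there.`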
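Review bot: The `AccessType` enum on `Member` drops `all`, `readonly` and `update` with no visible conversion, so objects already stored with those values will no longer match `owner|member|read-only`. `Member` is shared by `GlobalDNSSpec.Members` and `MultiClusterAppSpec.Members`, so both resources are affected. Authorization code that switches on the new values should treat an unknown or empty `accessType` as no access rather than falling through to a permissive branch. A comment on the field saying so, plus a migration or an explicit statement that none is needed, would close the gap.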
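Review bot: `Answers` in `UpdateMultiClusterAppTargetsInput` is tagged `norman:"type=array[reference[answer]]"`, which declares the entries as references to an `answer` resource, while the Go type is `[]Answer` and `MultiClusterAppSpec.Answers` carries the same struct with no type tag at all. The generated schema and the struct will likely disagree on what a client has to send. Suggest matching the spec field by keeping only the `json:"answers"` tag on `Answers []Answer`. A doc comment naming the `addProjects` and `removeProjects` actions that use this input would also help.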
--- a/apis/management.cattle.io/v3/schema/schema.go
+++ b/apis/management.cattle.io/v3/schema/schema.go
@@ -681,11 +681,18 @@ func multiClusterAppTypes(schemas *types.Schemas) *types.Schemas {
 MustImport(&Version, v3.UpgradeStrategy{}).
 MustImport(&Version, v3.MultiClusterAppRollbackInput{}).
 MustImport(&Version, v3.MultiClusterAppRevision{}).
+ MustImport(&Version, v3.UpdateMultiClusterAppTargetsInput{}).
 MustImportAndCustomize(&Version, v3.MultiClusterApp{}, func(schema *types.Schema) {
 schema.ResourceActions = map[string]types.Action{
 "rollback": {
 Input: "multiClusterAppRollbackInput",
 },
+ "addProjects": {
+ Input: "updateMultiClusterAppTargetsInput",
+ },
+ "removeProjects": {
+ Input: "updateMultiClusterAppTargetsInput",
+ },
 }
 })
 }
@@ -697,8 +704,17 @@ func globalDNSTypes(schemas *types.Schemas) *types.Schemas {
 TypeName("globalDnsSpec", v3.GlobalDNSSpec{}).
 TypeName("globalDnsStatus", v3.GlobalDNSStatus{}).
 TypeName("globalDnsProviderSpec", v3.GlobalDNSProviderSpec{}).
+ MustImport(&Version, v3.UpdateGlobalDNSTargetsInput{}).
 AddMapperForType(&Version, v3.GlobalDNS{}, m.Drop{Field: "namespaceId"}).
 MustImportAndCustomize(&Version, v3.GlobalDNS{}, func(schema *types.Schema) {
+ schema.ResourceActions = map[string]types.Action{
+ "addProjects": {
+ Input: "updateGlobalDNSTargetsInput",
+ },
+ "removeProjects": {
+ Input: "updateGlobalDNSTargetsInput",
+ },
+ }
 }).
 MustImportAndCustomize(&Version, v3.GlobalDNSProvider{}, func(schema *types.Schema) {
 })
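Review bot: `addProjects` and `removeProjects` become the only route for changing `targets` (marked `noupdate` in multi_cluster_app.go), yet the registration in `multiClusterAppTypes` says nothing about who may invoke them. The schema entry only declares the input type, so as far as this diff shows the handlers, which are not part of it, have to verify both the caller's role on the app and their access to every project named in the input. Suggest a comment above the map such as `// addProjects/removeProjects replace direct edits of spec.targets; handlers must authorize the caller against each listed project.` The same applies to the two actions added in the `globalDNSTypes` hunk. `removeProjects` also reuses an input that carries `answers`, which presumably has no meaning on removal.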
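Review bot: The action input in `globalDNSTypes` is named `updateGlobalDNSTargetsInput`, while every other GlobalDNS schema visible in this function is registered with the `globalDns…` spelling through `TypeName` (`globalDnsSpec`, `globalDnsStatus`, `globalDnsProviderSpec`). API clients would then see two casings within one resource family. If the `Dns` spelling is the convention, add `TypeName("updateGlobalDnsTargetsInput", v3.UpdateGlobalDNSTargetsInput{})` ahead of the import and use that name in both `Input:` fields. The function body starts above this hunk, so a mapping already present there would change this.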