RBAC changes for globalDNS and multiclusterapp

1.Change member access types to match project/cluster roles: owner,member,read-only 2.Make projectIDs non updatable for globalDNS and multiclusterapp, add actions to update them 3.Make multiclusterappID non updatable for globalDNS, add action to update it 4.Add roles to multiclusterapp that reference roleTemplates
2025-09-24 19:39:13 +00:00 · 2019-02-04 10:27:42 -08:00
parent 304eef54e2
commit 7746d46d67
3 changed files with 29 additions and 3 deletions
--- a/apis/management.cattle.io/v3/globaldns_types.go
+++ b/apis/management.cattle.io/v3/globaldns_types.go
@@ -19,7 +19,7 @@ type GlobalDNS struct {

 type GlobalDNSSpec struct {
 	FQDN                string   `json:"fqdn,omitempty" norman:"required"`
-	ProjectNames        []string `json:"projectNames" norman:"type=array[reference[project]]"`
+	ProjectNames        []string `json:"projectNames" norman:"type=array[reference[project]],noupdate"`
 	MultiClusterAppName string   `json:"multiClusterAppName,omitempty" norman:"type=reference[multiClusterApp]"`
 	ProviderName        string   `json:"providerName,omitempty" norman:"type=reference[globalDnsProvider],required"`
 	Members             []Member `json:"members,omitempty"`
@@ -57,3 +57,7 @@ type CloudflareProviderConfig struct {
 	APIKey     string `json:"apiKey" norman:"notnullable,required,minLength=1,type=password"`
 	APIEmail   string `json:"apiEmail" norman:"notnullable,required,minLength=1"`
 }
+
+type UpdateGlobalDNSTargetsInput struct {
+	ProjectNames []string `json:"projectNames" norman:"type=array[reference[project]]"`
+}
--- a/apis/management.cattle.io/v3/multi_cluster_app.go
+++ b/apis/management.cattle.io/v3/multi_cluster_app.go
@@ -28,8 +28,9 @@ type MultiClusterApp struct {
 type MultiClusterAppSpec struct {
 	TemplateVersionName  string          `json:"templateVersionName,omitempty" norman:"type=reference[templateVersion],required"`
 	Answers              []Answer        `json:"answers,omitempty"`
-	Targets              []Target        `json:"targets,omitempty" norman:"required"`
+	Targets              []Target        `json:"targets,omitempty" norman:"required,noupdate"`
 	Members              []Member        `json:"members,omitempty"`
+	Roles                []string        `json:"roles,omitempty" norman:"type=array[reference[roleTemplate]]"`
 	RevisionHistoryLimit int             `json:"revisionHistoryLimit,omitempty" norman:"default=10"`
 	UpgradeStrategy      UpgradeStrategy `json:"upgradeStrategy,omitempty"`
 }
@@ -56,7 +57,7 @@ type Member struct {
 	UserPrincipalName  string `json:"userPrincipalName,omitempty" norman:"type=reference[principal]"`
 	DisplayName        string `json:"displayName,omitempty"`
 	GroupPrincipalName string `json:"groupPrincipalName,omitempty" norman:"type=reference[principal]"`
-	AccessType         string `json:"accessType,omitempty" norman:"type=enum,options=all|readonly|update"`
+	AccessType         string `json:"accessType,omitempty" norman:"type=enum,options=owner|member|read-only"`
 }

 type UpgradeStrategy struct {
@@ -80,3 +81,8 @@ type MultiClusterAppRevision struct {
 type MultiClusterAppRollbackInput struct {
 	RevisionName string `json:"revisionName,omitempty" norman:"type=reference[multiClusterAppRevision]"`
 }
+
+type UpdateMultiClusterAppTargetsInput struct {
+	Projects []string `json:"projects" norman:"type=array[reference[project]],required"`
+	Answers  []Answer `json:"answers" norman:"type=array[reference[answer]]"`
+}
--- a/apis/management.cattle.io/v3/schema/schema.go
+++ b/apis/management.cattle.io/v3/schema/schema.go
@@ -681,11 +681,18 @@ func multiClusterAppTypes(schemas *types.Schemas) *types.Schemas {
 		MustImport(&Version, v3.UpgradeStrategy{}).
 		MustImport(&Version, v3.MultiClusterAppRollbackInput{}).
 		MustImport(&Version, v3.MultiClusterAppRevision{}).
+		MustImport(&Version, v3.UpdateMultiClusterAppTargetsInput{}).
 		MustImportAndCustomize(&Version, v3.MultiClusterApp{}, func(schema *types.Schema) {
 			schema.ResourceActions = map[string]types.Action{
 				"rollback": {
 					Input: "multiClusterAppRollbackInput",
 				},
+				"addProjects": {
+					Input: "updateMultiClusterAppTargetsInput",
+				},
+				"removeProjects": {
+					Input: "updateMultiClusterAppTargetsInput",
+				},
 			}
 		})
 }
@@ -697,8 +704,17 @@ func globalDNSTypes(schemas *types.Schemas) *types.Schemas {
 		TypeName("globalDnsSpec", v3.GlobalDNSSpec{}).
 		TypeName("globalDnsStatus", v3.GlobalDNSStatus{}).
 		TypeName("globalDnsProviderSpec", v3.GlobalDNSProviderSpec{}).
+		MustImport(&Version, v3.UpdateGlobalDNSTargetsInput{}).
 		AddMapperForType(&Version, v3.GlobalDNS{}, m.Drop{Field: "namespaceId"}).
 		MustImportAndCustomize(&Version, v3.GlobalDNS{}, func(schema *types.Schema) {
+			schema.ResourceActions = map[string]types.Action{
+				"addProjects": {
+					Input: "updateGlobalDNSTargetsInput",
+				},
+				"removeProjects": {
+					Input: "updateGlobalDNSTargetsInput",
+				},
+			}
 		}).
 		MustImportAndCustomize(&Version, v3.GlobalDNSProvider{}, func(schema *types.Schema) {
 		})