diff --git a/src/test/ks-core/templates/builtinroles.yaml b/src/test/ks-core/templates/builtinroles.yaml index 9c72448e..d2c81f40 100644 --- a/src/test/ks-core/templates/builtinroles.yaml +++ b/src/test/ks-core/templates/builtinroles.yaml @@ -127,7 +127,7 @@ metadata: role: aggregationRoleTemplates: roleSelectors: - - matchLabels: { } + - matchLabels: {} templateNames: - workspace-manage-workspace-settings - workspace-view-workspace-settings @@ -216,7 +216,7 @@ role: labels: iam.kubesphere.io/auto-aggregate: "true" name: self-provisioner - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 diff --git a/src/test/ks-core/templates/clusterroles.yaml b/src/test/ks-core/templates/clusterroles.yaml index 9f95c20f..e1937796 100644 --- a/src/test/ks-core/templates/clusterroles.yaml +++ b/src/test/ks-core/templates/clusterroles.yaml @@ -3,6 +3,7 @@ kind: ClusterRole metadata: annotations: kubesphere.io/creator: system + kubesphere.io/description: '{"zh": "管理集群中的所有资源。", "en": "Manage all resources in the cluster."}' name: cluster-admin aggregationRoleTemplates: roleSelector: @@ -27,6 +28,7 @@ kind: ClusterRole metadata: annotations: kubesphere.io/creator: system + kubesphere.io/description: '{"zh": "查看集群中的所有资源。", "en": "View all resources in the cluster."}' name: cluster-viewer aggregationRoleTemplates: roleSelector: diff --git a/src/test/ks-core/templates/roletemplate-categories.yaml b/src/test/ks-core/templates/roletemplate-categories.yaml index b36162c1..bd33a5e1 100644 --- a/src/test/ks-core/templates/roletemplate-categories.yaml +++ b/src/test/ks-core/templates/roletemplate-categories.yaml @@ -1,4 +1,3 @@ -{{ if eq .Values.role "host" }} --- apiVersion: iam.kubesphere.io/v1beta1 kind: Category @@ -90,20 +89,6 @@ spec: en: Cluster Settings zh: '集群设置' ---- -apiVersion: iam.kubesphere.io/v1beta1 -kind: Category -metadata: - labels: - iam.kubesphere.io/scope: "cluster" - kubesphere.io/managed: 'true' - name: cluster-network-management -spec: - displayName: - en: Network - zh: '网络' - - --- apiVersion: iam.kubesphere.io/v1beta1 kind: Category @@ -232,5 +217,4 @@ metadata: spec: displayName: en: Project Settings - zh: '项目设置' -{{ end }} \ No newline at end of file + zh: '项目设置' \ No newline at end of file diff --git a/src/test/ks-core/templates/roletemplates.yaml b/src/test/ks-core/templates/roletemplates.yaml index 6866e2e6..313b33ea 100644 --- a/src/test/ks-core/templates/roletemplates.yaml +++ b/src/test/ks-core/templates/roletemplates.yaml @@ -1,4 +1,3 @@ -{{ if eq .Values.role "host" }} # global scope role templates --- apiVersion: iam.kubesphere.io/v1beta1 @@ -8,11 +7,13 @@ metadata: iam.kubesphere.io/role-template-rules: '{"workspaces": "create"}' labels: iam.kubesphere.io/category: global-workspace-management - iam.kubesphere.io/hidden-role-template: "true" iam.kubesphere.io/scope: "global" kubesphere.io/managed: "true" name: global-create-workspaces spec: + description: + en: 'Create workspaces and become an administrator of the created projects.' + zh: '创建企业空间。' displayName: en: Workspace Creation zh: '企业空间创建' @@ -38,6 +39,9 @@ metadata: kubesphere.io/managed: "true" name: global-view-workspaces spec: + description: + en: 'View all workspaces and workspace resources.' + zh: '查看所有工作空间和企业空间下的资源。' displayName: en: Workspace Viewing zh: 企业空间查看 @@ -121,11 +125,13 @@ metadata: iam.kubesphere.io/role-template-rules: '{"workspaces": "manage"}' labels: iam.kubesphere.io/category: global-workspace-management - iam.kubesphere.io/hidden-role-template: "true" iam.kubesphere.io/scope: "global" kubesphere.io/managed: "true" name: global-manage-workspaces spec: + description: + en: 'Manage all workspaces and workspace resources.' + zh: '管理所有企业空间和企业空间下的资源。' displayName: en: Workspace Management zh: '企业空间管理' @@ -208,6 +214,9 @@ metadata: kubesphere.io/managed: "true" name: global-view-clusters spec: + description: + en: 'View all clusters and cluster resources.' + zh: '查看所有集群和集群资源。' displayName: en: Cluster Viewing zh: '集群查看' @@ -269,12 +278,16 @@ metadata: annotations: iam.kubesphere.io/dependencies: '["global-view-clusters"]' iam.kubesphere.io/role-template-rules: '{"clusters": "manage"}' + kubesphere.io/description: '{"zh":"创建集群、删除集群和管理集群中的所有资源。"}' labels: iam.kubesphere.io/category: global-cluster-management iam.kubesphere.io/scope: "global" kubesphere.io/managed: "true" name: global-manage-clusters spec: + description: + en: 'Create clusters, delete clusters, and manage resources in all clusters.' + zh: '创建集群、删除集群和管理集群中的所有资源。' displayName: en: Cluster Management zh: '集群管理' @@ -332,6 +345,9 @@ metadata: kubesphere.io/managed: "true" name: global-manage-platform-settings spec: + description: + zh: '查看和编辑 KubeSphere 平台的设置。' + en: 'View and edit settings of the KubeSphere platform.' displayName: en: Platform Settings Management zh: '平台设置管理' @@ -362,6 +378,9 @@ metadata: kubesphere.io/managed: "true" name: global-view-roles spec: + description: + en: 'View platform roles.' + zh: '查看平台角色。' displayName: en: Role Viewing zh: '角色查看' @@ -388,6 +407,9 @@ metadata: kubesphere.io/managed: "true" name: global-manage-roles spec: + description: + en: 'Manage platform roles.' + zh: '管理平台角色。' displayName: en: Role Management zh: '角色管理' @@ -411,6 +433,9 @@ metadata: kubesphere.io/managed: "true" name: global-view-users spec: + description: + en: 'View users.' + zh: '查看用户。' displayName: en: User Viewing zh: '用户查看' @@ -438,6 +463,9 @@ metadata: kubesphere.io/managed: "true" name: global-manage-users spec: + description: + en: 'Manage users.' + zh: '管理用户。' displayName: en: User Management zh: '用户管理' @@ -469,7 +497,7 @@ spec: displayName: en: Cluster Settings View zh: '集群设置查看' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -486,7 +514,7 @@ spec: displayName: en: Cluster Settings Management zh: '集群设置管理' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -495,7 +523,7 @@ metadata: annotations: iam.kubesphere.io/role-template-rules: '{"customresources": "view"}' labels: - iam.kubesphere.io/category: cluster-resources-management + iam.kubesphere.io/category: cluster-resource-management iam.kubesphere.io/scope: "cluster" iam.kubesphere.io/aggregate-to-cluster-viewer: "" kubesphere.io/managed: "true" @@ -503,8 +531,8 @@ metadata: spec: displayName: en: Custom Resource Definition Viewing - zh: 'CRD查看' - rules: [ ] + zh: '定制资源定义查看' + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -513,15 +541,15 @@ metadata: annotations: iam.kubesphere.io/role-template-rules: '{"customresources": "manage"}' labels: - iam.kubesphere.io/category: cluster-resources-management + iam.kubesphere.io/category: cluster-resource-management iam.kubesphere.io/scope: "cluster" kubesphere.io/managed: "true" name: cluster-manage-crds spec: displayName: en: Custom Resource Definition Management - zh: 'CRD管理' - rules: [ ] + zh: '定制资源定义管理' + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -539,7 +567,7 @@ spec: displayName: en: Member Viewing zh: '成员查看' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -557,7 +585,7 @@ spec: displayName: en: Member Management zh: '成员管理' - rules: [ ] + rules: [] --- @@ -577,7 +605,7 @@ spec: displayName: en: Role Viewing zh: '角色查看' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -595,43 +623,7 @@ spec: displayName: en: Role Management zh: '角色管理' - rules: [ ] - - ---- -apiVersion: iam.kubesphere.io/v1beta1 -kind: RoleTemplate -metadata: - annotations: - iam.kubesphere.io/role-template-rules: '{"networkpolicies": "view"}' - labels: - iam.kubesphere.io/category: cluster-network-management - iam.kubesphere.io/scope: "cluster" - kubesphere.io/managed: 'true' - name: cluster-view-network-resources -spec: - displayName: - en: Network Resource Viewing - zh: '网络资源查看' - rules: [ ] - ---- -apiVersion: iam.kubesphere.io/v1beta1 -kind: RoleTemplate -metadata: - annotations: - iam.kubesphere.io/dependencies: '["cluster-view-network-resources"]' - iam.kubesphere.io/role-template-rules: '{"networkpolicies": "manage"}' - labels: - iam.kubesphere.io/category: cluster-network-management - iam.kubesphere.io/scope: "cluster" - kubesphere.io/managed: 'true' - name: cluster-manage-network-resources -spec: - displayName: - en: Network Resource Management - zh: '网络资源管理' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -648,7 +640,7 @@ spec: displayName: en: Node Viewing zh: '节点查看' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -666,7 +658,7 @@ spec: displayName: en: Node Management zh: '节点管理' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -684,7 +676,7 @@ spec: displayName: en: Project Resource Viewing zh: '项目资源查看' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -702,7 +694,7 @@ spec: displayName: en: Project Resource Management zh: '项目资源管理' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -720,7 +712,7 @@ spec: displayName: en: Project Viewing zh: '项目查看' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -738,7 +730,7 @@ spec: displayName: en: Project Management zh: '项目管理' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -757,7 +749,7 @@ spec: displayName: en: Storage Class Viewing zh: '存储类查看' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -775,7 +767,7 @@ spec: displayName: en: Storage Class Management zh: '存储类管理' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -793,7 +785,7 @@ spec: displayName: en: Persistent Volume Claim Viewing zh: '持久卷声明查看' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -811,7 +803,7 @@ spec: displayName: en: Persistent Volume Claim Management zh: '持久卷声明管理' - rules: [ ] + rules: [] --- apiVersion: iam.kubesphere.io/v1beta1 @@ -829,7 +821,7 @@ spec: displayName: en: System Component Viewing zh: '系统组件查看' - rules: [ ] + rules: [] # workspace scope role templates --- @@ -847,6 +839,9 @@ metadata: kubesphere.io/managed: 'true' name: workspace-view-workspace-settings spec: + description: + en: 'View workspace settings.' + zh: '查看企业空间设置。' displayName: en: Workspace Settings Viewing zh: '企业空间设置查看' @@ -868,10 +863,14 @@ metadata: iam.kubesphere.io/role-template-rules: '{"workspace-settings": "manage"}' labels: iam.kubesphere.io/category: workspace-settings + iam.kubesphere.io/hidden-role-template: 'true' iam.kubesphere.io/scope: "workspace" kubesphere.io/managed: 'true' name: workspace-manage-workspace-settings spec: + description: + en: 'Manage workspace settings and edit workspace information and network policies.' + zh: '管理企业空间的基本信息、网络策略等设置。' displayName: en: Workspace Settings Management zh: '企业空间设置管理' @@ -896,6 +895,9 @@ metadata: kubesphere.io/managed: 'true' name: workspace-create-projects spec: + description: + en: 'Create projects and become an administrator of the created projects.' + zh: '创建项目并成为所创建的项目的管理员。' displayName: en: Project Creation zh: '项目创建' @@ -934,6 +936,9 @@ metadata: kubesphere.io/managed: 'true' name: workspace-view-projects spec: + description: + en: 'View all projects and project resources.' + zh: '查看企业空间中的所有项目及项目下的资源。' displayName: en: Project Viewing zh: '项目查看' @@ -1012,6 +1017,9 @@ metadata: kubesphere.io/managed: 'true' name: workspace-manage-projects spec: + description: + en: 'Create, edit, and delete projects in the workspace.' + zh: '创建、编辑和删除企业空间中的项目。' displayName: en: Project Management zh: '项目管理' @@ -1083,12 +1091,14 @@ metadata: iam.kubesphere.io/role-template-rules: '{"members": "view"}' labels: iam.kubesphere.io/category: workspace-access-control - iam.kubesphere.io/hidden-role-template: "true" iam.kubesphere.io/scope: "workspace" iam.kubesphere.io/aggregate-to-viewer: "" kubesphere.io/managed: 'true' name: workspace-view-members spec: + description: + en: 'View workspace members.' + zh: '查看企业空间成员。' displayName: en: Member Viewing zh: '成员查看' @@ -1115,6 +1125,9 @@ metadata: kubesphere.io/managed: 'true' name: workspace-manage-members spec: + description: + en: 'Manage workspace members.' + zh: '管理企业空间成员。' displayName: en: Member Management zh: '成员管理' @@ -1148,6 +1161,9 @@ metadata: kubesphere.io/managed: 'true' name: workspace-view-roles spec: + description: + en: 'View workspace roles.' + zh: '查看企业空间角色。' displayName: en: Role Viewing zh: "角色查看" @@ -1174,6 +1190,9 @@ metadata: kubesphere.io/managed: 'true' name: workspace-manage-roles spec: + description: + en: 'Manage workspace roles.' + zh: '管理企业空间角色。' displayName: en: Role Management zh: '角色管理' @@ -1198,6 +1217,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-view-project-settings spec: + description: + en: 'View project settings including project basic information, external access settings, network policies and resource quotas settings.' + zh: '查看项目设置,包括项目基本信息、外部访问设置、网络策略、资源配额等。' displayName: en: Project Settings Viewing zh: '项目设置查看' @@ -1221,6 +1243,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-manage-project-settings spec: + description: + en: 'Manage project settings including project basic information, external access settings, network policies and resource quotas settings.' + zh: '管理项目设置,包括项目基本信息、外部访问设置、网络策略、资源配额等。' displayName: en: Project Settings Management zh: '项目设置管理' @@ -1246,6 +1271,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-view-members spec: + description: + en: 'View project members.' + zh: '查看项目成员。' displayName: en: Member Viewing zh: '成员查看' @@ -1273,6 +1301,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-manage-members spec: + description: + en: 'Manage project members.' + zh: '管理项目成员。' displayName: en: Member Management zh: '成员管理' @@ -1300,6 +1331,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-view-roles spec: + description: + en: 'View project roles.' + zh: '查看项目角色。' displayName: en: Role Viewing zh: '角色查看' @@ -1326,6 +1360,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-manage-roles spec: + description: + en: 'Manage project roles.' + zh: '管理项目角色。' displayName: en: Role Management zh: '角色管理' @@ -1353,6 +1390,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-view-app-workloads spec: + description: + en: 'View resources such as applications, services, workloads and jobs in the project.' + zh: '查看项目中的应用、服务、工作负载和任务等资源。' displayName: en: Application Workload Viewing zh: '应用负载查看' @@ -1398,6 +1438,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-manage-app-workloads spec: + description: + en: 'Manage resources such as applications, services, workloads and jobs in the project.' + zh: '管理项目中的应用、服务、工作负载和任务等资源。' displayName: en: Application Workload Management zh: '应用负载管理' @@ -1447,6 +1490,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-view-configmaps spec: + description: + en: 'View configmaps in the project.' + zh: '查看项目中的配置字典。' displayName: en: ConfigMap Viewing zh: '配置字典查看' @@ -1474,6 +1520,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-manage-configmaps spec: + description: + en: 'Create, edit, and delete configmaps in the project.' + zh: '创建、编辑和删除项目中的配置字典。' displayName: en: ConfigMap Management zh: '配置字典管理' @@ -1499,6 +1548,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-view-secrets spec: + description: + en: 'View secrets in the project.' + zh: '查看项目中的保密字典。' displayName: en: Secret Viewing zh: '保密字典查看' @@ -1526,6 +1578,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-manage-secrets spec: + description: + en: 'Create, edit, and delete secrets in the project.' + zh: '创建、编辑和删除项目中的保密字典。' displayName: en: Secret Management zh: '保密字典管理' @@ -1552,6 +1607,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-view-serviceaccount spec: + description: + en: 'View service accounts in the project.' + zh: '查看项目中的服务账户。' displayName: en: Service Account Viewing zh: '服务账户查看' @@ -1579,6 +1637,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-manage-serviceaccount spec: + description: + en: 'Create, edit, and delete service accounts in the project.' + zh: '创建、编辑和删除项目中的服务帐户。' displayName: en: Service Account Management zh: '服务账户管理' @@ -1605,6 +1666,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-view-volumes spec: + description: + en: 'View persistent volume claims in the project.' + zh: '查看项目中的持久卷声明。' displayName: en: Volume Viewing zh: '持久卷声明查看' @@ -1638,6 +1702,9 @@ metadata: kubesphere.io/managed: "true" name: namespace-manage-volumes spec: + description: + en: 'Create, edit, and delete persistent volume claims in the project.' + zh: '创建、编辑和删除项目中的持久卷声明。' displayName: en: Volume Management zh: 持久卷声明管理 @@ -1653,5 +1720,4 @@ spec: resources: - pods verbs: - - list -{{ end }} \ No newline at end of file + - list \ No newline at end of file diff --git a/src/test/ks-core/templates/webhook.yaml b/src/test/ks-core/templates/webhook.yaml index 937b0da7..da06e684 100644 --- a/src/test/ks-core/templates/webhook.yaml +++ b/src/test/ks-core/templates/webhook.yaml @@ -82,6 +82,8 @@ webhooks: - CREATE resources: - pods + - persistentvolumeclaims + - services scope: '*' sideEffects: None