diff --git a/src/test/ks-core/templates/builtinroles.yaml b/src/test/ks-core/templates/builtinroles.yaml index d2c81f40..2bb48b65 100644 --- a/src/test/ks-core/templates/builtinroles.yaml +++ b/src/test/ks-core/templates/builtinroles.yaml @@ -11,6 +11,7 @@ role: aggregationRoleTemplates: roleSelector: matchLabels: + iam.kubesphere.io/scope: "namespace" kubesphere.io/managed: "true" apiVersion: iam.kubesphere.io/v1beta1 kind: Role @@ -45,6 +46,7 @@ role: matchLabels: iam.kubesphere.io/aggregate-to-operator: "" kubesphere.io/managed: "true" + iam.kubesphere.io/scope: "namespace" apiVersion: iam.kubesphere.io/v1beta1 kind: Role metadata: @@ -98,6 +100,7 @@ role: matchLabels: iam.kubesphere.io/aggregate-to-viewer: "" kubesphere.io/managed: "true" + iam.kubesphere.io/scope: "namespace" apiVersion: iam.kubesphere.io/v1beta1 kind: Role metadata: @@ -126,8 +129,9 @@ metadata: iam.kubesphere.io/scope: "workspace" role: aggregationRoleTemplates: - roleSelectors: - - matchLabels: {} + roleSelector: + matchLabels: + iam.kubesphere.io/scope: 'workspace' templateNames: - workspace-manage-workspace-settings - workspace-view-workspace-settings @@ -170,6 +174,7 @@ role: roleSelector: matchLabels: iam.kubesphere.io/aggregate-to-regular: "" + iam.kubesphere.io/scope: "workspace" templateNames: - workspace-view-workspace-settings apiVersion: iam.kubesphere.io/v1beta1 @@ -204,6 +209,7 @@ role: roleSelector: matchLabels: iam.kubesphere.io/aggregate-to-self-provisioner: "" + iam.kubesphere.io/scope: "workspace" templateNames: - workspace-create-projects - workspace-view-workspace-settings @@ -229,6 +235,7 @@ role: aggregationRoleTemplates: roleSelector: matchLabels: + iam.kubesphere.io/scope: "workspace" iam.kubesphere.io/aggregate-to-viewer: "" templateNames: - workspace-view-projects diff --git a/src/test/ks-core/templates/roletemplates.yaml b/src/test/ks-core/templates/roletemplates.yaml index 313b33ea..c76a10cf 100644 --- a/src/test/ks-core/templates/roletemplates.yaml +++ b/src/test/ks-core/templates/roletemplates.yaml @@ -1218,8 +1218,8 @@ metadata: name: namespace-view-project-settings spec: description: - en: 'View project settings including project basic information, external access settings, network policies and resource quotas settings.' - zh: '查看项目设置,包括项目基本信息、外部访问设置、网络策略、资源配额等。' + en: 'View project settings including project basic information, external access settings and resource quotas settings.' + zh: '查看项目设置,包括项目基本信息、外部访问设置、资源配额等。' displayName: en: Project Settings Viewing zh: '项目设置查看' @@ -1230,6 +1230,20 @@ spec: - 'namespaces' verbs: - 'get' + - apiGroups: + - 'resources.kubesphere.io' + resources: + - 'quotas' + - 'metrics' + verbs: + - 'list' + - apiGroups: + - '' + resources: + - 'limitranges' + verbs: + - 'list' + --- apiVersion: iam.kubesphere.io/v1beta1 @@ -1244,8 +1258,8 @@ metadata: name: namespace-manage-project-settings spec: description: - en: 'Manage project settings including project basic information, external access settings, network policies and resource quotas settings.' - zh: '管理项目设置,包括项目基本信息、外部访问设置、网络策略、资源配额等。' + en: 'Manage project settings including project basic information, external access settings and resource quotas settings.' + zh: '管理项目设置,包括项目基本信息、外部访问设置、资源配额等。' displayName: en: Project Settings Management zh: '项目设置管理' @@ -1281,7 +1295,7 @@ spec: - apiGroups: - '*' resources: - - members + - namespacemembers - rolebindings verbs: - get @@ -1311,7 +1325,7 @@ spec: - apiGroups: - '*' resources: - - members + - namespacemembers - rolebindings verbs: - '*'