kubevela/docs/examples/rbac/rbac.md
barnettZQG 044c4bf73c Feat: add RBAC support (#3493)
* Feat: add the rbac data model

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: add some api about the project

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: add CRUD about the project and the project user

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: add CRUD about the role and perm check filter function

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: update swagger config

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: add default roles and perm policies

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: add perm check filter for all webservice

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: change the method that find project name

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: query applications and envs by user perm

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: support get login user info

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: change default permissions

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: change PermPolicy to Permission

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Feat: add some unit test and fix the e2e test error

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: change some comment word

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>

* Fix: e2e api path error

Signed-off-by: barnettZQG <barnett.zqg@gmail.com>
2022-03-28 16:03:11 +08:00

RBAC

User:

name: user
userRoles: ["app-developer"]
...

ProjectUser:

username: user
project: demo
userRoles: ["app-developer"]

Role:

name: app-developer
project: demo
permissions: ["app-manage"]

name: admin
permissions: ["all"]

Permission:

name: app-manage
project: demo
resource: ["project:demo/application:*"]
actions: ["*"]
effect: Allow
principal: {}
condition: {}

name: app1-manage
project: demo
resource: ["project:demo/application:app1/*"]
actions: ["*"]
effect: Allow
principal: {}
condition: {}

name: app2-manage
project: demo
resource: ["project:demo/application:app2/*"]
actions: ["*"]
effect: Allow
principal: {}
condition: {}

name: cluster-manage
resource: ["cluster:*"]
actions: ["*"]
effect: Allow
principal: {}
condition: {}

name: cluster-beijing-manage
resource: ["cluster:beijing"]
actions: ["*"]
effect: Allow
principal: {}
condition: {}

name: all
resource: ["*"]
actions: ["*"]
effect: Allow
principal: {}
condition: {}

PermissionTemplate:

name: app-manage
resource: ["project:${projectName}/application:*"]
actions: ["*"]
level: project
effect: Allow
principal: {}
condition: {}

name: deny-delete-cluster
resource: ["cluster:*"]
actions: ["delete"]
level: platform
effect: Deny
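
The following Go sketch is an added example, not code from the KubeVela repository or this commit. It shows one way a permission check could combine the `resource`, `actions` and `effect` fields above. The matching rules and the Deny-over-Allow precedence are assumptions, since the page does not define them, and `matchResource` and `allowed` are hypothetical names.

```go
package main

import (
	"fmt"
	"strings"
)

// Permission holds the fields used by the Permission listings on this page.
type Permission struct {
	Name, Effect       string
	Resources, Actions []string
}

// matchResource, ASSUMED semantics: "type:*" matches any name; a final "*" matches the rest.
func matchResource(pattern, resource string) bool {
	ps, rs := strings.Split(pattern, "/"), strings.Split(resource, "/")
	for i, p := range ps {
		if p == "*" && i == len(ps)-1 {
			return true
		}
		if i >= len(rs) || !(p == rs[i] || strings.HasSuffix(p, ":*") && strings.HasPrefix(rs[i], p[:len(p)-1])) {
			return false
		}
	}
	return len(ps) == len(rs)
}

// allowed uses an ASSUMED rule: a matching Deny overrides every Allow, no match is a refusal.
func allowed(perms []Permission, resource, action string) bool {
	allow, deny := false, false
	for _, p := range perms {
		for _, a := range p.Actions {
			for _, r := range p.Resources {
				if (a == "*" || a == action) && matchResource(r, resource) {
					allow, deny = allow || p.Effect == "Allow", deny || p.Effect == "Deny"
				}
			}
		}
	}
	return allow && !deny
}

func main() {
	perms := []Permission{ // values copied from the Permission and PermissionTemplate listings
		{"app-manage", "Allow", []string{"project:demo/application:*"}, []string{"*"}},
		{"cluster-manage", "Allow", []string{"cluster:*"}, []string{"*"}},
		{"deny-delete-cluster", "Deny", []string{"cluster:*"}, []string{"delete"}},
	}
	fmt.Println(allowed(perms, "cluster:beijing", "delete"), allowed(perms, "cluster:beijing", "update"))
}
```

Under these assumptions, `cluster-manage` alone would permit deleting `cluster:beijing`, and the platform-level `deny-delete-cluster` entry is what blocks it.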