- RBAC Role type improvements
- Remove rule 'Non-Resource URL' field. RBAC role type is namespaced, non-resource url's are not.
- Apply additional validation (
- rule resource AND api group required, rather than default rule resource, non-resource url or api group required
- name is required
- Show Required indicator for all fields (reflecting validation)
- Other Role type improvements
- Show Required indicator for rule Verbs field
- This does mean that when the page initially loads we show an empty rule row with required fields... but user can ignore this and successfully save the role anyway. The alternative is to not show an empty rule to begin with... but this forces the user to `Add Resource`. I feel the later is more of an issue than the former.
- name is required
- Removed unused code (setVerb/getVerb)
- Improve handling of empty strings when setting arrays in a rule
- Remove required field for api groups for non-rancher types (rbac role/cluster role)
- There's a lot of validation for these types in the backend that would be tricky to do with the current mechanism up front
- Namespaced roles cannot use non-resource urls
- Rules with resources must have api groups (and vice versa)
- Roles with no rules are ok (guessing this is because there's no validation of the inherit role side)
- So let the api validation do it's thing for the complex cases on submit
- Apply basic rule validation to non-rancher role types
- Role Rule 'Resources' --> 'Resource
- For disabled radio buttons don't show standard grey colour, use the usual ith opacity
- Ensure default locked value is set after setting up subtype
- Builds on generic way to handle Management Global Roles and Role Templates
- Applies to rbac.authorization.k8s.io.role and rbac.authorization.k8s.io.clusterrole
- Remove spoofed rbac role template type
- Use spoof's base type's management global role and role template types
- Display these types as global, cluster and project tables in auth product
Richard Cox
Richard Cox