diff --git a/templates/rbacv2/manage/manage_internals.yaml b/templates/rbacv2/manage/permissions/manage_internals.yaml similarity index 94% rename from templates/rbacv2/manage/manage_internals.yaml rename to templates/rbacv2/manage/permissions/manage_internals.yaml index dada5adcd..7e548ffb4 100644 --- a/templates/rbacv2/manage/manage_internals.yaml +++ b/templates/rbacv2/manage/permissions/manage_internals.yaml @@ -9,7 +9,7 @@ metadata: rbac.deckhouse.io/kind: manage rbac.deckhouse.io/level: module rbac.deckhouse.io/namespace: d8-virtualization - name: d8:manage:capability:virtualization:manage_internals + name: d8:manage:permission:virtualization:manage_internals rules: - apiGroups: - cdi.internal.virtualization.deckhouse.io diff --git a/templates/rbacv2/manage/manage_resources.yaml b/templates/rbacv2/manage/permissions/manage_resources.yaml similarity index 100% rename from templates/rbacv2/manage/manage_resources.yaml rename to templates/rbacv2/manage/permissions/manage_resources.yaml diff --git a/templates/rbacv2/manage/view_resources.yaml b/templates/rbacv2/manage/permissions/view_resources.yaml similarity index 100% rename from templates/rbacv2/manage/view_resources.yaml rename to templates/rbacv2/manage/permissions/view_resources.yaml diff --git a/templates/rbacv2/manage/roles/manager.yaml b/templates/rbacv2/manage/roles/manager.yaml index db23f2f7e..8883feb3c 100644 --- a/templates/rbacv2/manage/roles/manager.yaml +++ b/templates/rbacv2/manage/roles/manager.yaml @@ -9,7 +9,7 @@ metadata: rbac.deckhouse.io/kind: manage rbac.deckhouse.io/level: subsystem rbac.deckhouse.io/subsystem: virtualization - #rbac.deckhouse.io/aggregate-to-virtualization-as: disaster-admin + rbac.deckhouse.io/aggregate-to-virtualization-as: super-admin rbac.deckhouse.io/aggregate-to-all-as: manager aggregationRule: clusterRoleSelectors: diff --git a/templates/rbacv2/use/admin.yaml b/templates/rbacv2/use/roles/admin.yaml similarity index 86% rename from templates/rbacv2/use/admin.yaml rename to templates/rbacv2/use/roles/admin.yaml index 9e2b4fe26..9da045f86 100644 --- a/templates/rbacv2/use/admin.yaml +++ b/templates/rbacv2/use/roles/admin.yaml @@ -6,6 +6,7 @@ metadata: heritage: deckhouse module: virtualization rbac.deckhouse.io/aggregate-to-all-as: admin + rbac.deckhouse.io/aggregate-to-virtualization-as: super-admin rbac.deckhouse.io/kind: use aggregationRule: clusterRoleSelectors: diff --git a/templates/rbacv2/use/manager.yaml b/templates/rbacv2/use/roles/manager.yaml similarity index 100% rename from templates/rbacv2/use/manager.yaml rename to templates/rbacv2/use/roles/manager.yaml diff --git a/templates/rbacv2/use/super-admin.yaml b/templates/rbacv2/use/roles/super-admin.yaml similarity index 63% rename from templates/rbacv2/use/super-admin.yaml rename to templates/rbacv2/use/roles/super-admin.yaml index 1b3126561..b9489ac6d 100644 --- a/templates/rbacv2/use/super-admin.yaml +++ b/templates/rbacv2/use/roles/super-admin.yaml @@ -8,4 +8,9 @@ metadata: rbac.deckhouse.io/aggregate-to-role: super-admin rbac.deckhouse.io/kind: use name: d8:use:virtualization:super-admin +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.deckhouse.io/kind: use + rbac.deckhouse.io/aggregate-to-virtualization-as: super-admin rules: [] diff --git a/templates/rbacv2/use/user.yaml b/templates/rbacv2/use/roles/user.yaml similarity index 100% rename from templates/rbacv2/use/user.yaml rename to templates/rbacv2/use/roles/user.yaml diff --git a/templates/rbacv2/use/viewer.yaml b/templates/rbacv2/use/roles/viewer.yaml similarity index 100% rename from templates/rbacv2/use/viewer.yaml rename to templates/rbacv2/use/roles/viewer.yaml