Open edwin-bruurs opened 1 year ago
I don't mind creating a MR if this feature is valuable.
@edwin-bruurs what version of Rancher are you targeting with this change?
I got an answer to this in another channel, this is targeting Rancher v2.10 and no backports are necessary.
updatepsa
and manage-namespaces
added to the list of available verbs.
Is your feature request related to a problem? Please describe.
Currently it is not possible to create a custom roles giving a user the following permissions
This is needed to give a user additional permissions to create a namespace in a project. See also the documentation on the Rancher webhook validation
Using the code above results in the error
expected rules.0.verbs.0 to be one of [* create delete deletecollection get list patch update view watch own use bind escalate impersonate], got updateps
andError: expected rules.0.verbs.1 to be one of [* create delete deletecollection get list patch update view watch own use bind escalate impersonate], got manage-namespaces
Describe the solution you'd like
Add the verbs
updatepsa
andmanage-namespaces
to the allowed verbs list.Describe alternatives you've considered
Using the
*
verb. But in many cases this will grant to much permissions over the resource (e.g. giving full permission over projects is not what you typically want).Additional context
See also related issues on adding new verbs: