From b432bcb4defcef5a5dd3e74f8fd990df427eca3e Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Tue, 2 Oct 2018 18:00:57 -0700 Subject: [PATCH 1/7] adding description of custom resource --- .../rbac/cluster-project-roles/_index.md | 11 +++++++++-- .../rbac/default-custom-roles/_index.md | 2 ++ .../admin-settings/rbac/global-permissions/_index.md | 6 +++++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md index 7bb710547c3..57a1f9357f5 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md @@ -43,7 +43,10 @@ The following table lists each built-in custom cluster role available in Rancher | View Cluster Members | ✓ | ✓ | | View Nodes | ✓ | ✓ | -> **Note:** Each cluster role listed above, including `Owner` and `Member`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. +> **Notes:** +> +>- Each cluster role listed above, including `Owner` and `Member`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. +>- Resources denoted with `(Custom)` are resources defined by the Rancher API—_not_ Kubernetes. ### Project Roles @@ -94,7 +97,11 @@ The following table lists each built-in custom project role available in Rancher | View Volumes | ✓ | ✓ | ✓ | | View Workloads | ✓ | ✓ | ✓ | -> **Note:** Each project role listed above, including Owner, Member, and Read Only, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. +> **Notes:** +> +>- Each project role listed above, including `Owner`, `Member`, and `Read Only`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. +>- Resources denoted with `(Custom)` are resources defined by the Rancher API—_not_ Kubernetes. + ### Defining Custom Roles As previously mentioned, custom roles can be defined for use at the cluster or project level. The context field defines whether the role will appear on the cluster member page, project member page, or both. diff --git a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md index 11caf489f34..ea6292125cb 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md @@ -62,6 +62,8 @@ While Rancher comes out-of-the-box with a set of default user roles, you can als 6. Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role. + >**Note**: Resources denoted with `(Custom)` are resources defined by the Rancher API—_not_ Kubernetes. + You can also choose the individual cURL methods (`Create`, `Delete`, `Get`, etc.) available for use with each endpoint you assign. 7. Use the **Inherit from a Role** options to assign individual Rancher roles to your custom roles. diff --git a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md index d3031e0729d..08f8cfdfc4b 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md @@ -51,7 +51,11 @@ The following table lists each custom global permission available and whether it | User Catalog Templates | ✓ | ✓ | | Login Access | ✓ | ✓ | -> **Note:** Each permission listed above is comprised of multiple individual permissions not listed in the Rancher UI. For a full list of these permissions and the rules they are comprised of, access through the API at `/v3/globalroles`. +> **Note:** +> +>- Each permission listed above is comprised of multiple individual permissions not listed in the Rancher UI. For a full list of these permissions and the rules they are comprised of, access through the API at `/v3/globalRoles`. +>- Resources denoted with `(Custom)` are resources defined by the Rancher API—_not_ Kubernetes. + ### Default Global Permissions for New Users From 8b8b9036683f8353a23fe0f31d794a95197b6c29 Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Wed, 28 Nov 2018 16:36:29 -0700 Subject: [PATCH 2/7] adding new note --- .../en/admin-settings/rbac/cluster-project-roles/_index.md | 5 ++--- .../en/admin-settings/rbac/default-custom-roles/_index.md | 2 +- .../v2.x/en/admin-settings/rbac/global-permissions/_index.md | 4 +--- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md index 57a1f9357f5..4a19f2249dc 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md @@ -46,7 +46,7 @@ The following table lists each built-in custom cluster role available in Rancher > **Notes:** > >- Each cluster role listed above, including `Owner` and `Member`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. ->- Resources denoted with `(Custom)` are resources defined by the Rancher API—_not_ Kubernetes. +>- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are a UI bug. These resources are two or more Rancher API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. ### Project Roles @@ -100,8 +100,7 @@ The following table lists each built-in custom project role available in Rancher > **Notes:** > >- Each project role listed above, including `Owner`, `Member`, and `Read Only`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. ->- Resources denoted with `(Custom)` are resources defined by the Rancher API—_not_ Kubernetes. - +>- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are a UI bug. These resources are two or more Rancher API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. ### Defining Custom Roles As previously mentioned, custom roles can be defined for use at the cluster or project level. The context field defines whether the role will appear on the cluster member page, project member page, or both. diff --git a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md index ea6292125cb..7cf7294dc8e 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md @@ -62,7 +62,7 @@ While Rancher comes out-of-the-box with a set of default user roles, you can als 6. Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role. - >**Note**: Resources denoted with `(Custom)` are resources defined by the Rancher API—_not_ Kubernetes. + >**Note:** In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are a UI bug. These resources are two or more Rancher API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. You can also choose the individual cURL methods (`Create`, `Delete`, `Get`, etc.) available for use with each endpoint you assign. diff --git a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md index 08f8cfdfc4b..b7932cee0d6 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md @@ -54,11 +54,9 @@ The following table lists each custom global permission available and whether it > **Note:** > >- Each permission listed above is comprised of multiple individual permissions not listed in the Rancher UI. For a full list of these permissions and the rules they are comprised of, access through the API at `/v3/globalRoles`. ->- Resources denoted with `(Custom)` are resources defined by the Rancher API—_not_ Kubernetes. +>- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are a UI bug. These resources are two or more Rancher API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. -### Default Global Permissions for New Users - When a user from an [external authentication source]({{< baseurl >}}/rancher/v2.x/en/admin-settings/authentication/) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, new users are assigned the [user](#user) permissions. However, in some organizations, these permissions may extend too much access. In this use case, you can change the default permissions to something more restrictive, such as a set of individual permissions. You can assign one or more default permissions. For example, the `user` permission assigns new users a [set of individual global permissions](#global-permissions-reference). If you want to restrict the default permissions for new users, you can remove the `user` permission as default role and then assign multiple individual permissions as default instead. Conversely, you can also add administrative permissions on top of a set of other standard permissions. From 5981634c53eed98bce2f415c8724371cbcf65423 Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Wed, 5 Dec 2018 12:46:49 -0700 Subject: [PATCH 3/7] updating per denise --- .../v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md | 2 +- .../v2.x/en/admin-settings/rbac/default-custom-roles/_index.md | 2 +- .../v2.x/en/admin-settings/rbac/global-permissions/_index.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md index 4a19f2249dc..144a0e904b4 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md @@ -46,7 +46,7 @@ The following table lists each built-in custom cluster role available in Rancher > **Notes:** > >- Each cluster role listed above, including `Owner` and `Member`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. ->- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are a UI bug. These resources are two or more Rancher API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. +>- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. ### Project Roles diff --git a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md index 7cf7294dc8e..05ca64f61fa 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md @@ -62,7 +62,7 @@ While Rancher comes out-of-the-box with a set of default user roles, you can als 6. Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role. - >**Note:** In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are a UI bug. These resources are two or more Rancher API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. + >**Note:** - In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. You can also choose the individual cURL methods (`Create`, `Delete`, `Get`, etc.) available for use with each endpoint you assign. diff --git a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md index b7932cee0d6..deedff7772f 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md @@ -54,7 +54,7 @@ The following table lists each custom global permission available and whether it > **Note:** > >- Each permission listed above is comprised of multiple individual permissions not listed in the Rancher UI. For a full list of these permissions and the rules they are comprised of, access through the API at `/v3/globalRoles`. ->- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are a UI bug. These resources are two or more Rancher API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. +>- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. When a user from an [external authentication source]({{< baseurl >}}/rancher/v2.x/en/admin-settings/authentication/) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, new users are assigned the [user](#user) permissions. However, in some organizations, these permissions may extend too much access. In this use case, you can change the default permissions to something more restrictive, such as a set of individual permissions. From 1a7567746398067f60100894a2defb790499f146 Mon Sep 17 00:00:00 2001 From: Mark Bishop Date: Thu, 6 Dec 2018 13:25:20 -0700 Subject: [PATCH 4/7] removed version num from note --- .../en/admin-settings/rbac/cluster-project-roles/_index.md | 2 +- .../en/admin-settings/rbac/default-custom-roles/_index.md | 2 +- .../v2.x/en/admin-settings/rbac/global-permissions/_index.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md index 144a0e904b4..0c4109a6740 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md @@ -46,7 +46,7 @@ The following table lists each built-in custom cluster role available in Rancher > **Notes:** > >- Each cluster role listed above, including `Owner` and `Member`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. ->- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. +>- Default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. ### Project Roles diff --git a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md index 05ca64f61fa..e9c7912f3d3 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md @@ -62,7 +62,7 @@ While Rancher comes out-of-the-box with a set of default user roles, you can als 6. Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role. - >**Note:** - In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. + >**Note:** Default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. You can also choose the individual cURL methods (`Create`, `Delete`, `Get`, etc.) available for use with each endpoint you assign. diff --git a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md index deedff7772f..6a8f9a8f9b7 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md @@ -51,10 +51,10 @@ The following table lists each custom global permission available and whether it | User Catalog Templates | ✓ | ✓ | | Login Access | ✓ | ✓ | -> **Note:** +> **Notes:** > >- Each permission listed above is comprised of multiple individual permissions not listed in the Rancher UI. For a full list of these permissions and the rules they are comprised of, access through the API at `/v3/globalRoles`. ->- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. +>- Default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. When a user from an [external authentication source]({{< baseurl >}}/rancher/v2.x/en/admin-settings/authentication/) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, new users are assigned the [user](#user) permissions. However, in some organizations, these permissions may extend too much access. In this use case, you can change the default permissions to something more restrictive, such as a set of individual permissions. From c85ea92690bd9c3b24e127900d96330271a27426 Mon Sep 17 00:00:00 2001 From: Denise Date: Thu, 6 Dec 2018 21:08:35 -0800 Subject: [PATCH 5/7] Update _index.md --- .../en/admin-settings/rbac/cluster-project-roles/_index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md index 0c4109a6740..3d7664df5c8 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/cluster-project-roles/_index.md @@ -46,7 +46,7 @@ The following table lists each built-in custom cluster role available in Rancher > **Notes:** > >- Each cluster role listed above, including `Owner` and `Member`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. ->- Default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. +>- When viewing the resources associated with default roles created by Rancher, if there are multiple Kuberenetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource. ### Project Roles @@ -100,7 +100,7 @@ The following table lists each built-in custom project role available in Rancher > **Notes:** > >- Each project role listed above, including `Owner`, `Member`, and `Read Only`, is comprised of multiple rules granting access to various resources. You can view the roles and their rules on the Global > Security > Roles page. ->- In Rancher v2.1.1 and earlier, default resources denoted with `(Custom)` are a UI bug. These resources are two or more Rancher API resources that Rancher flags as `(Custom)` due to an escape issue. This issue is resolved as of v2.1.2. +>- When viewing the resources associated with default roles created by Rancher, if there are multiple Kuberenetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource. ### Defining Custom Roles As previously mentioned, custom roles can be defined for use at the cluster or project level. The context field defines whether the role will appear on the cluster member page, project member page, or both. From 7dc88ed9c28b9fdf9deb0cafea164a9f17958c97 Mon Sep 17 00:00:00 2001 From: Denise Date: Thu, 6 Dec 2018 21:09:08 -0800 Subject: [PATCH 6/7] Update _index.md --- .../v2.x/en/admin-settings/rbac/default-custom-roles/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md index e9c7912f3d3..68f4f3c9cab 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md @@ -62,7 +62,7 @@ While Rancher comes out-of-the-box with a set of default user roles, you can als 6. Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role. - >**Note:** Default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. + >**Note:** When viewing the resources associated with default roles created by Rancher, if there are multiple Kuberenetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource. You can also choose the individual cURL methods (`Create`, `Delete`, `Get`, etc.) available for use with each endpoint you assign. From e479f309ee5a0021dc70573eb60f93bec44a488f Mon Sep 17 00:00:00 2001 From: Denise Date: Thu, 6 Dec 2018 21:10:09 -0800 Subject: [PATCH 7/7] Update _index.md --- .../v2.x/en/admin-settings/rbac/global-permissions/_index.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md index 6a8f9a8f9b7..4322fcd314b 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md @@ -54,8 +54,7 @@ The following table lists each custom global permission available and whether it > **Notes:** > >- Each permission listed above is comprised of multiple individual permissions not listed in the Rancher UI. For a full list of these permissions and the rules they are comprised of, access through the API at `/v3/globalRoles`. ->- Default resources denoted with `(Custom)` are two Kubernetes API resources that Rancher flags as `(Custom)` due to an escape issue. - +>- When viewing the resources associated with default roles created by Rancher, if there are multiple Kuberenetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource. When a user from an [external authentication source]({{< baseurl >}}/rancher/v2.x/en/admin-settings/authentication/) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, new users are assigned the [user](#user) permissions. However, in some organizations, these permissions may extend too much access. In this use case, you can change the default permissions to something more restrictive, such as a set of individual permissions.