
Commit 8bea1b0

committed
update descriptions
Signed-off-by: Monis Khan <[email protected]>
1 parent 8924223 commit 8bea1b0

1 file changed

+21
-5
lines changed

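--- a/pkg/cmd/server/bootstrappolicy/policy.go
+++ b/pkg/cmd/server/bootstrappolicy/policy.go
@@ -100,7 +100,7 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 ObjectMeta: kapi.ObjectMeta{
 Name: ClusterAdminRoleName,
 Annotations: map[string]string{
-oapi.OpenShiftDescription: "A super-user that can perform any action in the cluster. When granted to a user within a local policy, they have full control over quota and roles and every action on every resource in the project.",
+oapi.OpenShiftDescription: "A super-user that can perform any action in the cluster. When granted to a user within a project, they have full control over quota and roles and every action on every resource in the project.",
 roleSystemOnly: roleIsSystemOnly,
 },
 },
@@ -262,7 +262,8 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 ObjectMeta: kapi.ObjectMeta{
 Name: AdminRoleName,
 Annotations: map[string]string{
-oapi.OpenShiftDescription: "A project manager. If used in a local binding, an admin user will have rights to view any resource in the project and modify any resource in the project except for role creation and quota. If the cluster-admin wants to allow an admin to modify roles, the cluster-admin must create a project-scoped Policy object."},
+oapi.OpenShiftDescription: "A user that has edit rights within the project and can change the project's membership.",
+},
 },
 Rules: []authorizationapi.PolicyRule{
 authorizationapi.NewRule(readWrite...).Groups(kapiGroup).Resources("pods", "pods/attach", "pods/proxy", "pods/exec", "pods/portforward").RuleOrDie(),
@@ -325,7 +326,8 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 ObjectMeta: kapi.ObjectMeta{
 Name: EditRoleName,
 Annotations: map[string]string{
-oapi.OpenShiftDescription: "A user that can modify most objects in a project, but does not have the power to view or modify roles or bindings."},
+oapi.OpenShiftDescription: "A user that can create and edit most objects in a project, but can not update the project's membership.",
+},
 },
 Rules: []authorizationapi.PolicyRule{
 authorizationapi.NewRule(readWrite...).Groups(kapiGroup).Resources("pods", "pods/attach", "pods/proxy", "pods/exec", "pods/portforward").RuleOrDie(),
@@ -379,7 +381,8 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 ObjectMeta: kapi.ObjectMeta{
 Name: ViewRoleName,
 Annotations: map[string]string{
-oapi.OpenShiftDescription: "A user who cannot make any modifications, but can see most objects in a project. They cannot view or modify roles or bindings or secrets."},
+oapi.OpenShiftDescription: "A user who can view but not edit any resources within the project. They can not view secrets or membership.",
+},
 },
 Rules: []authorizationapi.PolicyRule{
 // TODO add "replicationcontrollers/scale" here
@@ -430,7 +433,8 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 ObjectMeta: kapi.ObjectMeta{
 Name: BasicUserRoleName,
 Annotations: map[string]string{
-oapi.OpenShiftDescription: "A user that can get basic information about projects."},
+oapi.OpenShiftDescription: "A user that can get basic information about projects.",
+},
 },
 Rules: []authorizationapi.PolicyRule{
 authorizationapi.NewRule("get").Groups(userGroup).Resources("users").Names("~").RuleOrDie(),
@@ -499,6 +503,9 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 {
 ObjectMeta: kapi.ObjectMeta{
 Name: ImagePullerRoleName,
+Annotations: map[string]string{
+oapi.OpenShiftDescription: "Grants the right to pull images from within a project.",
+},
 },
 Rules: []authorizationapi.PolicyRule{
 // pull images
@@ -512,6 +519,9 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 // push an image to our registry
 ObjectMeta: kapi.ObjectMeta{
 Name: ImagePusherRoleName,
+Annotations: map[string]string{
+oapi.OpenShiftDescription: "Grants the right to push and pull images from within a project.",
+},
 },
 Rules: []authorizationapi.PolicyRule{
 // push and pull images
@@ -521,6 +531,9 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 {
 ObjectMeta: kapi.ObjectMeta{
 Name: ImageBuilderRoleName,
+Annotations: map[string]string{
+oapi.OpenShiftDescription: "Grants the right to build, push and pull images from within a project. Used primarily with service accounts for builds.",
+},
 },
 Rules: []authorizationapi.PolicyRule{
 // push and pull images
@@ -564,6 +577,9 @@ func GetBootstrapClusterRoles() []authorizationapi.ClusterRole {
 {
 ObjectMeta: kapi.ObjectMeta{
 Name: DeployerRoleName,
+Annotations: map[string]string{
+oapi.OpenShiftDescription: "Grants the right to deploy within a project. Used primarily with service accounts for automated deployments.",
+},
 },
 Rules: []authorizationapi.PolicyRule{
 authorizationapi.NewRule("get", "list", "watch", "update").Groups(kapiGroup).Resources("replicationcontrollers").RuleOrDie(),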
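Review bot: The new EditRoleName description (hunk at -325) says only that the user "can create and edit most objects", but the first rule visible in the same hunk grants readWrite on `pods/exec`, `pods/attach`, `pods/proxy` and `pods/portforward`, which is interactive access to running containers rather than object editing. These annotations are what an operator reads when choosing a role to bind, so I would name that access in the text, e.g. `oapi.OpenShiftDescription: "A user that can create and edit most objects in a project, including running commands in and attaching to pods, but can not update the project's membership.",`. The AdminRoleName description at -262 now defines admin as "edit rights" plus membership and so inherits the omission; it also drops the earlier statement that admin cannot create roles or change quota, which is presumably still true since no rule line changes in this commit and is worth keeping in the wording. The rule lists continue outside the hunks, so the full set of resources behind each role is not visible here.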
