From 36acd10c40f6aeb799f354b8946f6d63b7f23d54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Anders=20B=C3=A4ckman?= <anders.backman@elastisys.com>
Date: Thu, 19 Dec 2024 08:30:46 +0100
Subject: [PATCH] apps wc: update schema for extra dev RBAC

---
 config/schemas/config.yaml | 66 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)

diff --git a/config/schemas/config.yaml b/config/schemas/config.yaml
index 98379db29..0c6167765 100644
--- a/config/schemas/config.yaml
+++ b/config/schemas/config.yaml
@@ -1475,16 +1475,80 @@ properties:
         additionalProperties: false
       extraRoles:
         title: Configure extra Roles for application developers
+        description: |
+          Configure extra Roles for application developers
+          The Roles are added to all application developer namespaces configured in user.namespaces
         type: object
+        properties: {}
+        additionalProperties:
+          properties:
+            rules:
+              title: PolicyRules for this Role
+              type: array
+              default: []
+          additionalProperties: false
       extraRoleBindings:
         title: Configure extra RoleBindings for application developers
+        description: |
+          Configure extra RoleBindings for application developers
+          The RoleBindings are added to all application developer namespaces configured in user.namespaces
         type: object
+        properties: {}
+        additionalProperties:
+          properties:
+            roleRef:
+              title: The reference to a role to use for this RoleBinding
+              type: object
+              additionalProperties:
+                name:
+                  title: Name of the Role or ClusterRole to bind subjects with
+                  type: string
+                kind:
+                  title: Either ClusterRole or Role
+                  type: string
+                  default: Role
+                  enum:
+                    - ClusterRole
+                    - Role
+            subjects:
+              title: Subjects to apply role to
+              type: array
+              default: []
+          additionalProperties: false
       extraClusterRoles:
-        title: Configure extra ClusterRoles for application developers
+        title: Configure extra ClusterRoles
+        description: |
+          Configure extra ClusterRoles that are not originally part of Welkin
+          These are intended to be used for application developers
         type: object
+        properties: {}
+        additionalProperties:
+          properties:
+            rules:
+              title: PolicyRules for this Role
+              type: array
+              default: []
+          additionalProperties: false
       extraClusterRoleBindings:
         title: Configure extra ClusterRoleBindings for application developers
+        description: |
+          Configure extra ClusterRoleBindings for application developers
         type: object
+        properties: {}
+        additionalProperties:
+          properties:
+            roleRef:
+              title: The reference to a role to use for this RoleBinding
+              type: object
+              additionalProperties:
+                name:
+                  title: Name of the ClusterRole to bind subjects with
+                  type: string
+            subjects:
+              title: Subjects to apply role to
+              type: array
+              default: []
+          additionalProperties: false
   hnc:
     additionalProperties: false
     title: HNC (Hierarchical Namespace Controller) Config