*: Fix dashboard's token generation RBAC YAML

[Garima-Negi]

What problem does this PR solve?

This PR introduces a change to the rbac.yaml file that is shown to user when generating a new token for using chaosmesh dashboard.

What's changed and how it works?

Existing yaml is incorrect for apiGroup chaos-mesh.org and does not add the required verbs/resources in rule section.
This results in errors on dashboard "cannot list resource PodChaos" etc.for all types of resources

After fix, the rule is created correctly: {APIGroups:["[chaos-mesh.org](http://chaos-mesh.org/)"], Resources:["*"], Verbs:["get" "list" "watch" "create" "delete" "patch" "update"]}

The fix is aligned with https://kubernetes.io/docs/reference/access-authn-authz/rbac/

rules:
- apiGroups: [""]
  #
  # at the HTTP level, the name of the resource for accessing Pod
  # objects is "pods"
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["batch"]
  #
  # at the HTTP level, the name of the resource for accessing Job
  # objects is "jobs"
  resources: ["jobs"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

Related changes

not sure of remaining options in PR description

• Need to update chaos-mesh/website
• Need to update Dashboard UI
• Need to cheery-pick to release branches
  • release-2.2
  • release-2.1

Checklist

CHANGELOG

• I have updated the CHANGELOG.md
• I have labeled this PR with "no-need-update-changelog"

Tests

• Unit test
• E2E test
• No code
• Manual test (add steps below)

Side effects

• Breaking backward compatibility

Release note

Please add a release note.

You can safely ignore this section if you don't think this PR needs a release note.

DCO

If you find the DCO check fails, please run commands like below (Depends on the actual situations. For example, if the failed commit isn't the most recent) to fix it:

git commit --amend --signoff
git push --force

[ti-chi-bot]

[REVIEW NOTIFICATION]

This pull request has been approved by:

• STRRL

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

[ti-chi-bot]

Welcome @Garima-Negi!

It looks like this is your first PR to chaos-mesh/chaos-mesh 🎉.

I'm the bot to help you request reviewers, add labels and more, See available commands.

We want to make sure your contribution gets all the attention it needs!



Thank you, and welcome to chaos-mesh/chaos-mesh. 😃

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@9c3f63a). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #3370   +/-   ##
=========================================
  Coverage          ?   40.08%           
=========================================
  Files             ?      166           
  Lines             ?    14187           
  Branches          ?        0           
=========================================
  Hits              ?     5687           
  Misses            ?     8065           
  Partials          ?      435           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9c3f63a...9450a5b. Read the comment docs.

[FingerLeader]

Thanks for your contribution! Please update the CHANGELOG.md, rest LGTM

[STRRL]

I do not get the point.

apiGroups:
  - chaos-mesh.org

apiGroups: ["chaos-mesh.org"]

they introduce the same meaning.

[Garima-Negi]

It didn't work for me with the existing yaml until I fixed it as linked here https://kubernetes.io/docs/reference/access-authn-authz/rbac/

[STRRL]

A little weird but it could still work. I have no reason to block this PR.

Hi @Garima-Negi , could you append an entry into the CHANGELOG.md about this PR? ❤️

[Garima-Negi]

done

[FingerLeader]

@Garima-Negi please fix the DCO, you can click details for more information

[STRRL]

LGTM!

[STRRL]

/merge

[STRRL]

/merge cancel

This PR requires updates on CHANEGLOG.

[STRRL]

/merge

[ti-chi-bot]

This pull request has been accepted and is ready to merge.

Commit hash: 94aa633

[ti-chi-bot]

@Garima-Negi: Your PR was out of date, I have automatically updated it for you.

At the same time I will also trigger all tests for you:

/run-all-tests

If the CI test fails, you just re-trigger the test that failed and the bot will merge the PR for you after the CI passes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository.