Implement reviews

docs/book/src/cronjob-tutorial/testdata/project/config/rbac/cronjob_admin_role.yaml

@@ -1,9 +1,9 @@
 # This rule is not used by the project project itself.
 # It is provided to allow the cluster admin to help manage permissions for users.
 #
-# Provides full permissions (create, update, delete) over all custom resource objects 
-# for the specified API resources across the cluster. In addition to resource management, 
-# it grants users the ability to modify roles and bindings within the cluster, 
+# Provides full permissions (create, update, delete) over all custom resource objects
+# for the specified API resources across the cluster. In addition to resource management,
+# it grants users the ability to modify roles and bindings within the cluster,
 # allowing them to delegate specific permissions to other users or groups as needed.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -12,22 +12,12 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default admin ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: cronjob-admin-role
 rules:
 - apiGroups:
   - batch.tutorial.kubebuilder.io
-  - rbac.authorization.k8s.io
   resources:
   - cronjobs
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups:

docs/book/src/cronjob-tutorial/testdata/project/config/rbac/cronjob_editor_role.yaml

@@ -3,7 +3,7 @@
 #
 # Allows users to modify all custom resources for project on the cluster.
 # This role enables users to create, update, and delete resources,
-# making it suitable for team members who need to manage resources 
+# making it suitable for team members who need to manage resources
 # but should not control RBAC or manage permissions for others.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -12,11 +12,6 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default edit ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: cronjob-editor-role
 rules:
 - apiGroups:

docs/book/src/cronjob-tutorial/testdata/project/config/rbac/cronjob_viewer_role.yaml

@@ -1,8 +1,8 @@
 # This rule is not used by the project project itself.
 # It is provided to allow the cluster admin to help manage permissions for users.
 #
-# Grants read-only access to CronJob resources. 
-# This role is intended for users who need visibility into the resources 
+# Grants read-only access to CronJob resources.
+# This role is intended for users who need visibility into the resources
 # without any permissions to modify them. It’s ideal for monitoring purposes and limited-access viewing.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11,11 +11,6 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default view ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-view: "true"
   name: cronjob-viewer-role
 rules:
 - apiGroups:

docs/book/src/cronjob-tutorial/testdata/project/dist/install.yaml

@@ -3873,13 +3873,8 @@ metadata:
 rules:
 - apiGroups:
   - batch.tutorial.kubebuilder.io
-  - rbac.authorization.k8s.io
   resources:
   - cronjobs
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups:

docs/book/src/getting-started/testdata/project/config/rbac/memcached_admin_role.yaml

@@ -1,9 +1,9 @@
 # This rule is not used by the project project itself.
 # It is provided to allow the cluster admin to help manage permissions for users.
 #
-# Provides full permissions (create, update, delete) over all custom resource objects 
-# for the specified API resources across the cluster. In addition to resource management, 
-# it grants users the ability to modify roles and bindings within the cluster, 
+# Provides full permissions (create, update, delete) over all custom resource objects
+# for the specified API resources across the cluster. In addition to resource management,
+# it grants users the ability to modify roles and bindings within the cluster,
 # allowing them to delegate specific permissions to other users or groups as needed.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -12,22 +12,12 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default admin ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: memcached-admin-role
 rules:
 - apiGroups:
   - cache.example.com
-  - rbac.authorization.k8s.io
   resources:
   - memcacheds
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups:

docs/book/src/getting-started/testdata/project/config/rbac/memcached_editor_role.yaml

@@ -3,7 +3,7 @@
 #
 # Allows users to modify all custom resources for project on the cluster.
 # This role enables users to create, update, and delete resources,
-# making it suitable for team members who need to manage resources 
+# making it suitable for team members who need to manage resources
 # but should not control RBAC or manage permissions for others.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -12,11 +12,6 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default edit ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: memcached-editor-role
 rules:
 - apiGroups:

docs/book/src/getting-started/testdata/project/config/rbac/memcached_viewer_role.yaml

@@ -1,8 +1,8 @@
 # This rule is not used by the project project itself.
 # It is provided to allow the cluster admin to help manage permissions for users.
 #
-# Grants read-only access to Memcached resources. 
-# This role is intended for users who need visibility into the resources 
+# Grants read-only access to Memcached resources.
+# This role is intended for users who need visibility into the resources
 # without any permissions to modify them. It’s ideal for monitoring purposes and limited-access viewing.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11,11 +11,6 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default view ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-view: "true"
   name: memcached-viewer-role
 rules:
 - apiGroups:

docs/book/src/getting-started/testdata/project/dist/install.yaml

@@ -242,13 +242,8 @@ metadata:
 rules:
 - apiGroups:
   - cache.example.com
-  - rbac.authorization.k8s.io
   resources:
   - memcacheds
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups:

docs/book/src/multiversion-tutorial/testdata/project/config/rbac/cronjob_admin_role.yaml

@@ -1,9 +1,9 @@
 # This rule is not used by the project project itself.
 # It is provided to allow the cluster admin to help manage permissions for users.
 #
-# Provides full permissions (create, update, delete) over all custom resource objects 
-# for the specified API resources across the cluster. In addition to resource management, 
-# it grants users the ability to modify roles and bindings within the cluster, 
+# Provides full permissions (create, update, delete) over all custom resource objects
+# for the specified API resources across the cluster. In addition to resource management,
+# it grants users the ability to modify roles and bindings within the cluster,
 # allowing them to delegate specific permissions to other users or groups as needed.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -12,22 +12,12 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default admin ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: cronjob-admin-role
 rules:
 - apiGroups:
   - batch.tutorial.kubebuilder.io
-  - rbac.authorization.k8s.io
   resources:
   - cronjobs
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups:

docs/book/src/multiversion-tutorial/testdata/project/config/rbac/cronjob_editor_role.yaml

@@ -3,7 +3,7 @@
 #
 # Allows users to modify all custom resources for project on the cluster.
 # This role enables users to create, update, and delete resources,
-# making it suitable for team members who need to manage resources 
+# making it suitable for team members who need to manage resources
 # but should not control RBAC or manage permissions for others.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -12,11 +12,6 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default edit ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: cronjob-editor-role
 rules:
 - apiGroups:

docs/book/src/multiversion-tutorial/testdata/project/config/rbac/cronjob_viewer_role.yaml

@@ -1,8 +1,8 @@
 # This rule is not used by the project project itself.
 # It is provided to allow the cluster admin to help manage permissions for users.
 #
-# Grants read-only access to CronJob resources. 
-# This role is intended for users who need visibility into the resources 
+# Grants read-only access to CronJob resources.
+# This role is intended for users who need visibility into the resources
 # without any permissions to modify them. It’s ideal for monitoring purposes and limited-access viewing.
 
 apiVersion: rbac.authorization.k8s.io/v1
@@ -11,11 +11,6 @@ metadata:
   labels:
     app.kubernetes.io/name: project
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default view ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-view: "true"
   name: cronjob-viewer-role
 rules:
 - apiGroups:

docs/book/src/multiversion-tutorial/testdata/project/dist/install.yaml

@@ -7684,13 +7684,8 @@ metadata:
 rules:
 - apiGroups:
   - batch.tutorial.kubebuilder.io
-  - rbac.authorization.k8s.io
   resources:
   - cronjobs
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups:

pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/crd_admin_role.go

@@ -79,22 +79,12 @@ metadata:
   labels:
     app.kubernetes.io/name: {{ .ProjectName }}
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default admin ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: {{ .RoleName }}
 rules:
 - apiGroups:
   - {{ .Resource.QualifiedGroup }}
-  - rbac.authorization.k8s.io
   resources:
   - {{ .Resource.Plural }}
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups:

pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/crd_editor_role.go

@@ -79,11 +79,6 @@ metadata:
   labels:
     app.kubernetes.io/name: {{ .ProjectName }}
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default edit ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: {{ .RoleName }}
 rules:
 - apiGroups:

pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/crd_viewer_role.go

@@ -78,11 +78,6 @@ metadata:
   labels:
     app.kubernetes.io/name: {{ .ProjectName }}
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default view ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-view: "true"
   name: {{ .RoleName }}
 rules:
 - apiGroups:

testdata/project-v4-multigroup/config/rbac/crew_captain_admin_role.yaml

@@ -12,22 +12,12 @@ metadata:
   labels:
     app.kubernetes.io/name: project-v4-multigroup
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default admin ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: crew-captain-admin-role
 rules:
 - apiGroups:
   - crew.testproject.org
-  - rbac.authorization.k8s.io
   resources:
   - captains
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups:

testdata/project-v4-multigroup/config/rbac/crew_captain_editor_role.yaml

@@ -12,11 +12,6 @@ metadata:
   labels:
     app.kubernetes.io/name: project-v4-multigroup
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default edit ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: crew-captain-editor-role
 rules:
 - apiGroups:

testdata/project-v4-multigroup/config/rbac/crew_captain_viewer_role.yaml

@@ -11,11 +11,6 @@ metadata:
   labels:
     app.kubernetes.io/name: project-v4-multigroup
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default view ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-view: "true"
   name: crew-captain-viewer-role
 rules:
 - apiGroups:

testdata/project-v4-multigroup/config/rbac/example.com_busybox_admin_role.yaml

@@ -12,22 +12,12 @@ metadata:
   labels:
     app.kubernetes.io/name: project-v4-multigroup
     app.kubernetes.io/managed-by: kustomize
-
-    # Uncomment the following line if you want to aggregate these permissions to the default admin ClusterRole.
-    # For more information, please see:
-    # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
-    # rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: example.com-busybox-admin-role
 rules:
 - apiGroups:
   - example.com.testproject.org
-  - rbac.authorization.k8s.io
   resources:
   - busyboxes
-  - clusterroles
-  - clusterrolebindings
-  - roles
-  - rolebindings
   verbs:
   - '*'
 - apiGroups: