chore: add taxonomy annotations and role-category labels to IAM roles for UI grouping

config/optional-policies/organization-creator-policy/organization-creator-role.yaml

@@ -2,10 +2,14 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: organization-creator
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   namespace: milo-system
   annotations:
     kubernetes.io/display-name: Organization Creator
     kubernetes.io/description: Allows creating new organizations
+    taxonomy.miloapis.com/product: Organization & Projects
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/apiextensions-reader.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: apiextensions-reader
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: API Extensions Viewer
     kubernetes.io/description: View access to custom resource definitions
+    taxonomy.miloapis.com/product: "Platform Core"
+    taxonomy.miloapis.com/sort-order: "40"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/core-admin.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: core-admin
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Core Admin
     kubernetes.io/description: Full access to core platform resources including secrets, configmaps, and namespaces
+    taxonomy.miloapis.com/product: "Platform Core"
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/core-editor.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: core-editor
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Core Editor
     kubernetes.io/description: Edit access to core platform resources including secrets, configmaps, and namespaces
+    taxonomy.miloapis.com/product: "Platform Core"
+    taxonomy.miloapis.com/sort-order: "20"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/core-reader.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: core-reader
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Core Reader
     kubernetes.io/description: View access to core platform resources including secrets, configmaps, and namespaces
+    taxonomy.miloapis.com/product: "Platform Core"
+    taxonomy.miloapis.com/sort-order: "30"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-admin.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-admin
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: IAM Admin
     kubernetes.io/description: "Full access to all IAM resources"
+    taxonomy.miloapis.com/product: "Identity & Access Management"
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-editor.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-editor
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: IAM Editor
     kubernetes.io/description: "Edit IAM resources"
+    taxonomy.miloapis.com/product: "Identity & Access Management"
+    taxonomy.miloapis.com/sort-order: "20"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-platform-access-approvals-admin.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-access-approvals-admin
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Access Approval Admin
     kubernetes.io/description: Full access to platform access approvals
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-platform-access-approvals-editor.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-access-approvals-editor
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Access Approval Editor
     kubernetes.io/description: Create, update, and delete platform access approvals
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "20"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-platform-access-approvals-reader.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-access-approvals-reader
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Access Approval Viewer
     kubernetes.io/description: View platform access approvals
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "30"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-platform-access-rejections-admin.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-access-rejections-admin
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Access Rejection Admin
     kubernetes.io/description: Full access to platform access rejections
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-platform-access-rejections-editor.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-access-rejections-editor
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Access Rejection Editor
     kubernetes.io/description: Create, update, and delete platform access rejections
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "20"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-platform-access-rejections-reader.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-access-rejections-reader
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Access Rejection Viewer
     kubernetes.io/description: View platform access rejections
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "30"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-platform-invitations-admin.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-invitations-admin
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Invitation Admin
     kubernetes.io/description: Full access to platform invitations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-platform-invitations-editor.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-invitations-editor
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Invitation Editor
     kubernetes.io/description: Create, update, and delete platform invitations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "20"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-platform-invitations-reader.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-platform-invitations-reader
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Platform Invitation Viewer
     kubernetes.io/description: View platform invitations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "30"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-role-admin.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: role-admin
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Role Admin
     kubernetes.io/description: Full access to IAM roles
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-role-editor.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: role-editor
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Role Editor
     kubernetes.io/description: Create, update, and delete IAM roles
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "20"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-role-reader.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: role-reader
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: Role Viewer
     kubernetes.io/description: View IAM roles
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "30"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-user-deactivations-admin.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-user-deactivations-admin
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: User Deactivation Admin
     kubernetes.io/description: Full access to user deactivations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-user-deactivations-editor.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-user-deactivations-editor
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: User Deactivation Editor
     kubernetes.io/description: Create, update, and delete user deactivations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "20"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-user-deactivations-reader.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-user-deactivations-reader
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: User Deactivation Viewer
     kubernetes.io/description: View user deactivations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "30"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-user-invitations-admin.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-user-invitations-admin
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: User Invitation Admin
     kubernetes.io/description: Full access to user invitations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "10"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-user-invitations-editor.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-user-invitations-editor
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: User Invitation Editor
     kubernetes.io/description: Create, update, and delete user invitations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "20"
 spec:
   launchStage: Beta
   inheritedRoles:

config/roles/iam-user-invitations-reader.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-user-invitations-reader
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: User Invitation Viewer
     kubernetes.io/description: View user invitations
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "30"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-user-preferences-manager.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-user-preferences-manager
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: User Preferences Manager
     kubernetes.io/description: "Allows users to manage their own user preferences only."
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "40"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-user-self-manage.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-user-self-manage
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: User Self Manage
     kubernetes.io/description: "Allows users to manage their own user account."
+    taxonomy.miloapis.com/product: Identity & Access Management
+    taxonomy.miloapis.com/sort-order: "40"
 spec:
   launchStage: Beta
   includedPermissions:

config/roles/iam-viewer.yaml

@@ -2,9 +2,13 @@ apiVersion: iam.miloapis.com/v1alpha1
 kind: Role
 metadata:
   name: iam-viewer
+  labels:
+    taxonomy.miloapis.com/role-category: platform
   annotations:
     kubernetes.io/display-name: IAM Viewer
     kubernetes.io/description: "View IAM resources"
+    taxonomy.miloapis.com/product: "Identity & Access Management"
+    taxonomy.miloapis.com/sort-order: "30"
 spec:
   launchStage: Beta
   includedPermissions: