Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-12528

UI support for standalone Policy deployments

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Done
    • Icon: Critical Critical
    • ACM 2.12.0
    • None
    • GRC
    • None
    • False
    • None
    • False
    • Not Selected
    • 50% To Do, 0% In Progress, 50% Done

      Feature Overview

      De-coupling the Open Cluster Management Policy framework from the OCM management control plane; enabling Policies to be able to be deployed to a given cluster via any desired "transport" mechanism.  Based on ACM-12484, this issue is track UI support related to this requirement. 

      Goals

      This Section: Provide high-level goal statement, providing user context
      and expected user outcome(s) for this feature

      • Allow for Configuration/Certificate/OperatorPolicies to be able to be defined directly to a cluster without going through the hub cluster via Policy kind
      • Discover and display policies that are deployed in the managed clusters
        • Primary:  Open Cluster Management policies
        • Secondary:  Gatekeeper constraints

      Requirements

      This Section: A list of specific needs or objectives that a Feature must
      deliver to satisfy the Feature.. Some requirements will be flagged as MVP.
      If an MVP gets shifted, the feature shifts. If a non MVP requirement slips,
      it does not shift the feature.

      Requirement Notes isMvp?
      CI - MUST be running successfully with test automation This is a
      requirement for ALL features.      		 YES
      Release Technical Enablement Provide necessary release enablement details
      and documents.      		 YES

      (Optional) Use Cases

      This Section:

      • As a user, I can centrally visualize the inventory and status of my Configuration/Certificate/OperatorPolicies deployed across my fleet; regardless if they are deployed via the hub Policy kind or in standalone mode
      • User Experience ideation:
        • On Governance dashboard, add a new tab next to "Policies" for something to be named (Discovered policies, Policy templates, etc)
        • On this tab, a table will be displayed with the "discovered policies", each row will be an aggregate of polices by name + namespace + kind across clusters, columns will be:
          • Name (Sort)
          • Namespace (Sort / Filter)
          • Policy type (Configuration/Certificate/Operator, Gatekeeper?) (Sort / Filter)
          • Remediation (inform/enforce) (Sort / Filter)
          • Severity (Sort / Filter)
          • x / y clusters that are compliant (Sort - by # of clusters violated, Filter - by has or has no violations?)
          • Parent policy (if created by Policy kind)
        • The name will be clickable and lead to a details page or side panel:
          • The content will have a table; that includes the list of clusters that share this Policy, columns will be:
            • Cluster
            • Violations
            • Message
            • Severity
            • Remediation
        • When a cluster name is clicked, it will take the user to the existing policy template details page

      Stretch Goals:

      • On the Overview dashboard, new cards for the following are displayed:
        • Violation count of ConfigurationPolicies
          • When clicked launches to a filtered view of "discovered policies" table with the Policy type + has or has no violations filters applied
        • Violation count for CertificatePolicies
          • When clicked launches to a filtered view of "discovered policies" table with the Policy type + has or has no violations filters applied
        • Violation count for OperatorPolicies
          • When clicked launches to a filtered view of "discovered policies" table with the Policy type + has or has no violations filters applied
        • Gatekeeper

      Questions to answer

      • What should be used on the back-end?  Compliance history API, Search, Observability, etc?
        • Search:  any special handling needed when Search needs to restart and all the data needs to be re-aggregated?  What are the impacts to the UX?  How does ALC handle this?
      • If runway is available, what are the differences and challenges we will need to address to do policy discovery of the Gatekeeper constraints?  How is the UX different?

      Out of Scope

      Background, and strategic fit

      This Section: What does the person writing code, testing, documenting
      need to know? What context can be provided to frame this feature?

      Assumptions

      • ...

      Customer Considerations

      • ...

      Documentation Considerations

      Questions to be addressed:

      • What educational or reference material (docs) is required to support this
        product feature? For users/admins? Other functions (security officers, etc)?
      • Does this feature have a doc impact?
      • New Content, Updates to existing content, Release Note, or No Doc Impact
      • If unsure and no Technical Writer is available, please contact Content
        Strategy.
      • What concepts do customers need to understand to be successful in
        [action]?
      • How do we expect customers will use the feature? For what purpose(s)?
      • What reference material might a customer want/need to complete [action]?
      • Is there source material that can be used as reference for the Technical
        Writer in writing the content? If yes, please link if available.
      • What is the doc impact (New Content, Updates to existing content, or
        Release Note)?

              mprahl Matthew Prahl
              showeimer Sho Weimer
              Derek Ho Derek Ho
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: