-
Epic
-
Resolution: Done
-
Critical
-
None
-
Code refactor to split permission for registration/work
-
False
-
None
-
False
-
To Do
-
ACM-1585 - Integrate RHACM into Service Delivery
-
Epic Goal
- Refactor to split the registration and work agents to allow them to use different sets of authorizations/permissions
Why is this important?
- This is the prerequisite for ACM-1361, in that Epic, two or more klusterlet will be running on the same managed cluster, which requires each klusterlet has limited permission in namespace and cluster scope. This epic is to reduce the registration/work permission in cluster scope, and split the permission to basic permission and apply permission, basic permission is the RBAC needed to let component get running, and apply permission is the permission to apply manifest work and addon.
Scenarios
- Define and implement an absolute minimum set of permissions needed for the registration and work agent
- Define and implement the additional set of permissions required for the work agent to apply manifest
- Do not need to support the adding of additional permissions to #2
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- ...
Dependencies (internal and external)
- ...
Previous Work (Optional):
- …
Open questions::
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
