  1. Red Hat Advanced Cluster Management
  2. ACM-21065

Fine-grained RBAC for Virtualization GA in Search (2.16)



      Feature Overview

      This feature is intended to track the remaining work items in the Search component to meet the requirements for the ACM Virtualization RBAC GA.

      Goals

      This Section: Provide high-level goal statement, providing user context
      and expected user outcome(s) for this feature

      • Ensure that fine-grained authorizations for Virtualization for users are properly enforced.
      • Ensure that when fine-grained RBAC for Virtualization is enabled, other lifecycle areas of ACM are not regressed or impacted by the most restrictive permissions in Virt.
      • Ensure high quality and performance of Search when having to do additional checks and calculations for each resource returned from queries.

      Requirements

      This Section: A list of specific needs or objectives that a Feature must
      deliver to satisfy the Feature. Some requirements will be flagged as MVP.
      If an MVP requirement gets shifted, the feature shifts. If a non-MVP
      requirement slips, it does not shift the feature.

      Requirement | Notes | isMvp?
      Ensure that when Fine-Grained RBAC for Virtualization is enabled, Search respects the rules for the resources and verbs for the ACM Virt Roles | | YES
      Resolve the issue that when Fine-Grained RBAC for Virtualization is enabled, other lifecycle areas of ACM are currently broken (ALC, GRC, etc. should not be broken by Virt permissions) | | YES
      CI - MUST be running successfully with test automation | This is a requirement for ALL features. | YES
      Release Technical Enablement | Provide necessary release enablement details and documents. | YES

      Questions to answer

      • Do we need the Aggregate API server to return the user's bound roles, so that Search can dynamically look up the role and inspect the rules?
        • A. No, the decision was that Search would continue to assume the Aggregate API server is for Kubevirt viewership only. This removes the dependency on any additional change to the Kubernetes Aggregate API Server.

      Out of Scope

      • Fine-Grained RBAC enforcement of non-Virtualization related resources.
        • A. This was agreed on across the board from ACM Architectures, Management and Product Management.

      Background, and strategic fit

      This Section: What does the person writing code, testing, documenting
      need to know? What context can be provided to frame this feature?

      Assumptions

      • ...

      Customer Considerations

      • ...

      Documentation Considerations

      Questions to be addressed:

      • What educational or reference material (docs) is required to support this
        product feature? For users/admins? Other functions (security officers, etc)?
      • Does this feature have a doc impact?
      • New Content, Updates to existing content, Release Note, or No Doc Impact
      • If unsure and no Technical Writer is available, please contact Content
        Strategy.
      • What concepts do customers need to understand to be successful in
        [action]?
      • How do we expect customers will use the feature? For what purpose(s)?
      • What reference material might a customer want/need to complete [action]?
      • Is there source material that can be used as reference for the Technical
        Writer in writing the content? If yes, please link if available.
      • What is the doc impact (New Content, Updates to existing content, or
        Release Note)?

              jpadilla@redhat.com Jorge Padilla
              showeimer Sho Weimer
              Dennis Metzger
              Jorge Padilla
              Joydeep Banerjee
              Sho Weimer