Epic
Resolution: Unresolved
Critical
ACM 2.14.0
rbac-vm-related-resources
Product / Portfolio Work
To Do
VIRTSTRAT-51 - Enable fine-grained RBAC support in ACM for Virt use cases
67% To Do, 33% In Progress, 0% Done
Critical
OCP/Telco Definition of Done
https://docs.google.com/document/d/1TP2Av7zHXz4_fmeX4q9HB0m9cqSZ4F6Jd4AiVoaF_2s/edit#heading=h.gaa58bzbvwde
Epic Template descriptions and documentation.
https://docs.google.com/document/d/14CUCEg6hQ_jpsFzJtWo29GfFVWmun2Uivrxq3_Fkgdg/edit
ACM-wide Product Requirements (Top-level Epics)
https://docs.google.com/document/d/1uIp6nS2QZ766UFuZBaC9USs8dW_I5wVdtYF9sUObYKg/edit
Epic Goal
To provide a VM admin with the access necessary to manage VirtualMachine-related resources. This includes the VM pod, attached secrets/configmaps, storage (PV, PVC), networking (NetworkAttachmentDefinition), etc. The current VM admin permissions (kubevirt:admin) do not include any of these related resources.
Why is this important?
VM admins need to be able to view and modify VM-related resources in order to troubleshoot issues. If they do not have this access, their ability to troubleshoot will be limited.
Scenarios
- A VM admin can access all VM-related resources with modify permissions
- VM view permissions grant access to the same resources as above, but read-only
- Permissions can be cluster-wide as well as namespaced
Acceptance Criteria
- VM-related resources are viewable from the ACM search Virtual Machines page
- Through ClusterPermission, a role can be applied that provides access to all related/needed VM resources on managed clusters.
- Both the ACM and OCP VM console pages are fully functional with the extended VM roles provided by the second criterion above
Dependencies (internal and external)
- ...
Previous Work (Optional):
- ...
Open questions:
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Doc issue opened with a completed template. Separate doc issue opened for any deprecation, removal, or any current known issue/troubleshooting removal from the doc, if applicable.
- Considerations were made for Extended Update Support (EUS)