Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-22868

RBAC for VirtualMachine Related Resources - TP

XMLWordPrintable

    • rbac-vm-related-resources
    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • To Do
    • VIRTSTRAT-51 - Enable fine-grained RBAC support in ACM for Virt use cases
    • VIRTSTRAT-51Enable fine-grained RBAC support in ACM for Virt use cases
    • 67% To Do, 33% In Progress, 0% Done
    • Critical

      OCP/Telco Definition of Done
      https://docs.google.com/document/d/1TP2Av7zHXz4_fmeX4q9HB0m9cqSZ4F6Jd4AiVoaF_2s/edit#heading=h.gaa58bzbvwde
      Epic Template descriptions and documentation.
      https://docs.google.com/document/d/14CUCEg6hQ_jpsFzJtWo29GfFVWmun2Uivrxq3_Fkgdg/edit
      ACM-wide Product Requirements (Top-level Epics)
      https://docs.google.com/document/d/1uIp6nS2QZ766UFuZBaC9USs8dW_I5wVdtYF9sUObYKg/edit

      *<--- Cut-n-Paste the entire contents of this description into your new
      Epic --->*

      Epic Goal

      To provide a VM admin the necessary access to manage VirtualMachine related resources. This includes the VM pod, attached secrets/configmaps, storage (PV, PVC), networking (NetworkAttachmentDefinition), etc. The current VM admin permissions (kubevirt:admin) does not include any of these related resources.

      Why is this important?

      VM admins need to be able to view/modify VM related resources in order to troubleshoot issues. If they do not have, then their troubleshooting ability will be limited.

      Scenarios

      1. VM admin can access all related VM resources with modify permissions
      2. VM view permissions can access the same as above, but in read only
      3. Permissions can be cluster wide as well as namespaced

      Acceptance Criteria

      1. VM related resources are viewable from ACM search Virtual Machines page
      2. Through ClusterPermission, a role can be applied that provides access to all related/needed VM resources on managed clusters.
      3. Both ACM and OCP VM console pages are fully functioning through the extended VM roles provided from #2

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. ...

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Doc issue opened with a completed template. Separate doc issue
        opened for any deprecation, removal, or any current known
        issue/troubleshooting removal from the doc, if applicable.
      • Considerations were made for Extended Update Support (EUS)

              rh-ee-mshort Matthew Short
              rh-ee-mshort Matthew Short
              Atif Shafi Atif Shafi
              Joydeep Banerjee Joydeep Banerjee
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: