Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-25787

Arrange with the PICS team to run ACM E2E tests with RBAC enabled

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Hide

      Provide the required acceptance criteria using this template.

      • ...
      Show
      Provide the required acceptance criteria using this template. ...
    • Not Selected
    • None

      Value Statement

      RBAC for Virt is a new TP feature in ACM 2.15 (an enhanced version since ACM 2.14). However, the RBAC capability is limited to Virt scenarios for the time being. IN order to assess the impact to other existing ACM components, ie, ALC, CLC, GRC, etc, we need to plan for ACM E2E tests to be run with RBAc enabled. 

      Here's the instruction to enable RBAC in ACM 2.15:
       
      If logged in as kubeadmin, only steps one is needed.

      Prequisites are having the openshift virtualization (cnv) operator installed as well as the acm 2.15 build.
      1. once the operators are installed, you will need to enable fine-grained-rbac-preview component under spec.overrides.components in the multiclusterhub cr, then you can navigate to the user management section in the acm console that shows the rbac ui work
       
      from this point, there should be some clusterroles present on the hub cluster that gets deployed via policy, i would verify that there are 5 in the acm console user management section 
       
      2. from there, you will need to apply a clusterrolebinding to add kubevirt.io-acm-hub:view for the admin or whoever that wants to use the feature, which should give access with enough permissions to view all resources

      Definition of Done for Engineering Story Owner (Checklist)

      • ...

      Development Complete

      • The code is complete.
      • Functionality is working.
      • Any required downstream Docker file changes are made.

      Tests Automated

      • [ ] Unit/function tests have been automated and incorporated into the
        build.
      • [ ] 100% automated unit/function test coverage for new or changed APIs.

      Secure Design

      • [ ] Security has been assessed and incorporated into your threat model.

      Multidisciplinary Teams Readiness

      • [ ] Create an informative documentation issue using the Customer

      Portal Doc template that you can access from [The Playbook](

      https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby),

      and ensure doc acceptance criteria is met.

      • Call out this sentence as it's own action:
      • [ ] Link the development issue to the doc issue.

      Support Readiness

      • [ ] The must-gather script has been updated.

              rhn-support-vboulos Vincent Boulos
              rh-ee-ecai Eveline Cai
              Kurtis Wang
              Atif Shafi Atif Shafi
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: