XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Undefined
Fix Version/s: Future
Affects Version/s: None
Component/s: Container Native Virtualization, Search
Labels:
- acmrbac

Epic Name:
Search support general rbac model
Activity Type:
Product / Portfolio Work
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Feature Link:
VIRTSTRAT-51 - Enable fine-grained RBAC support in ACM for Virt use cases
Parent Link:
VIRTSTRAT-51Enable fine-grained RBAC support in ACM for Virt use cases

Severity:
Critical

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

PX Impact Score:

Intelligence Requested:
Market:

OCP/Telco Definition of Done
https://docs.google.com/document/d/1TP2Av7zHXz4_fmeX4q9HB0m9cqSZ4F6Jd4AiVoaF_2s/edit#heading=h.gaa58bzbvwde
Epic Template descriptions and documentation.
https://docs.google.com/document/d/14CUCEg6hQ_jpsFzJtWo29GfFVWmun2Uivrxq3_Fkgdg/edit
ACM-wide Product Requirements (Top-level Epics)
https://docs.google.com/document/d/1uIp6nS2QZ766UFuZBaC9USs8dW_I5wVdtYF9sUObYKg/edit

*<--- Cut-n-Paste the entire contents of this description into your new
Epic --->*

Epic Goal

Currently in 2.15 with fine grained rbac enabled, the only fine grained rbac resources that search can handle are kubevirt (virtualization) resources. Search gets authorization info from server foundations aggregate api, which only supports kubevirt resources. There is a plan to enhance the aggregate api server to support general kubernetes resources here: https://issues.redhat.com/browse/ACM-21974

Once server foundation enhances the aggregate api to support general kubernetes resources for fine grained rbac, search will need to be enhanced based on the new aggregate api server apis.

Why is this important?

For search to support other fine grained rbac user cases besides virtualization.

Scenarios

Non-virt customers would like to use search with fine grained RBAC for their specific use cases.

Acceptance Criteria

...

Dependencies (internal and external)

Previous Work (Optional):

Open questions:

Done Checklist

CI - CI is running, tests are automated and merged.
Release Enablement <link to Feature Enablement Presentation>
DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
Issue>
DEV - Upstream documentation merged: <link to meaningful PR or GitHub
Issue>
DEV - Downstream build attached to advisory: <link to errata>
QE - Test plans in Polarion: <link or reference to Polarion>
QE - Automated tests merged: <link or reference to automated tests>
DOC - Doc issue opened with a completed template. Separate doc issue
opened for any deprecation, removal, or any current known
issue/troubleshooting removal from the doc, if applicable.
Considerations were made for Extended Update Support (EUS)

depends on

ACM-21974 Aggregate API Server - RBAC model refinement for all Kubernetes resources

Backlog

Assignee:: Jorge Padilla

Reporter:: Matthew Short

QA Contact:: Atif Shafi

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/11/05 5:06 PM

Updated:: 2025/11/05 5:16 PM

Details

Description

Epic Goal

Why is this important?

Scenarios

Acceptance Criteria

Dependencies (internal and external)

Previous Work (Optional):

Open questions:

Done Checklist

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates