  1. Red Hat Advanced Cluster Management
  2. ACM-27092

Moving Cluster-Permission component from ACM to MCE


    • Product / Portfolio Work
    • To Do
    • ACM-27150 - Fine-Grained RBAC experience at the hub (Phase 2)
    • Important

      OCP/Telco Definition of Done
      https://docs.google.com/document/d/1TP2Av7zHXz4_fmeX4q9HB0m9cqSZ4F6Jd4AiVoaF_2s/edit#heading=h.gaa58bzbvwde
      Epic Template descriptions and documentation.
      https://docs.google.com/document/d/14CUCEg6hQ_jpsFzJtWo29GfFVWmun2Uivrxq3_Fkgdg/edit
      ACM-wide Product Requirements (Top-level Epics)
      https://docs.google.com/document/d/1uIp6nS2QZ766UFuZBaC9USs8dW_I5wVdtYF9sUObYKg/edit

      *<--- Cut-n-Paste the entire contents of this description into your new
      Epic --->*

      Epic Goal

      Cluster-Permission is currently an ACM component that provides the ClusterPermission API, allowing users to create ClusterRoles, Roles, ClusterRoleBindings, and RoleBindings on managed clusters. However, it represents a missing piece in the MCE RBAC model, which already offers the ManagedServiceAccount API for creating ServiceAccounts on managed clusters. Without a corresponding permission management capability, these ServiceAccounts cannot perform any actions on the managed clusters.

      Moving Cluster-Permission into MCE would complete the RBAC model by pairing authentication (ManagedServiceAccount) with authorization (ClusterPermission). Additionally, this change would simplify the implementation of the UserPermissions API, which depends on the ClusterPermission API.

      Why is this important?

      ...

      Scenarios

      ...

      Acceptance Criteria

      ...

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. ...

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Doc issue opened with a completed template. Separate doc issue
        opened for any deprecation, removal, or any current known
        issue/troubleshooting removal from the doc, if applicable.
      • Considerations were made for Extended Update Support (EUS)

              dbennett@redhat.com Disaiah Bennett
              leyan@redhat.com Le Yang
              Hui Chen Hui Chen