  1. Red Hat Advanced Cluster Management
  2. ACM-27242

Multicluster IAM Experience at the hub (Phase 1)


      Feature Overview

      To introduce a consistent Identity and Access Management experience for admins and users on a RHACM hub which offers centralized and delegated multicluster access that aligns with RHACM's fine-grained Role-Based Access Control (RBAC) system.

      Support is offered for standardised external OAuth systems, upstream community systems, as well as Red Hat solutions.

      The feature should provide both a CLI and UI experience.

      Goals

      Phase 1 Goals:

      • To define the user story (see below for that) - PM
      • To confirm alignment with OCP effort of Bring Your Own External OIDC: https://issues.redhat.com/browse/OCPSTRAT-1804 - ENG/ARCH
      • Investigate how RHACM works with External OIDC based auth today
      • To allow engineering and architecture time to triage the concept

      I expect the outcome of this issue to mostly relate to a few engineering SPIKEs, EPICs, and perhaps a DDR.

      Non-Goals

      Customer facing deliverables are not expected in this first phase.

      Requirements

      This Section: A list of specific needs or objectives that a Feature must
      deliver to satisfy the Feature. Some requirements will be flagged as MVP.
      If an MVP gets shifted, the feature shifts. If a non-MVP requirement slips,
      it does not shift the feature.

      Requirement | Notes | isMvp?
      CI - MUST be running successfully with test automation | This is a requirement for ALL features. | YES
      Release Technical Enablement | Provide necessary release enablement details and documents. | YES

      Use Cases

      As a Platform Operator managing a fleet of OpenShift clusters across various environments (hybrid/multicloud) ...

      I want to centrally configure and enforce access control across all my clusters using a variety of OAuth solutions including third-party OAuth providers, and map the authenticated users to appropriate roles on my managed clusters via Red Hat Advanced Cluster Management (RHACM) ...

      So that I can ensure consistent security compliance, simplify user access management and delegate granular, standardized Role-Based Access Control (RBAC) across the entire fleet without managing user accounts individually on each cluster.

      This should work on OpenShift and Compliant Kubernetes distributions.

      Questions to answer

      • So many.

      Out of Scope

      • Any customer facing functionality (in Phase 1)

      Background, and strategic fit

      This Section: What does the person writing code, testing, documenting
      need to know? What context can be provided to frame this feature?

      Assumptions

      • This is for engineering triage.

      Customer Considerations

      • TBC

      Documentation Considerations

      • None for Phase 1

              leyan@redhat.com Le Yang
              asimonel August Simonelli
              Joshua Packer
              Hui Chen Hui Chen
              August Simonelli August Simonelli
              ACM Server Foundation