Value Statement

When direct authentication is enabled, there is no list of users or groups available in OpenShift. Even when using the built-in OCP authentication, users are not created until first login, so there is value in being able to enter usernames manually with any configuration.

Definition of Done for Engineering Story Owner (Checklist)

• From User management > Roles > <role> > Role assignments, Create role assignment should support manually entering a user or group

Currently, adding a pre-authorized user actually creates a User resource, so it will not work with direct authentication. There is no support currently for manually entering a group.

Open Questions:

• Do we need to redesign the current add pre-authorized user flow, or could we update the current design so that it holds the new User (or Group) in state to show in the list?
• Should we update the Identities tab to read User/Group names from MulticlusterRoleAssignment resources? (separate story if so)

Development Complete

• The code is complete.
• Functionality is working.
• Any required downstream Docker file changes are made.

Tests Automated

• [ ] Unit/function tests have been automated and incorporated into the
  build.
• [ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

• [ ] Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

• [ ] Create an informative documentation issue using the Customer

Portal Doc template that you can access from [The Playbook](

https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby),

and ensure doc acceptance criteria is met.

• Call out this sentence as it's own action:

• [ ] Link the development issue to the doc issue.

Support Readiness

• [ ] The must-gather script has been updated.