  1. Agent-based Installer for OpenShift
  2. AGENT-1236

Backend authorization mechanism

    • OCPSTRAT-2251 - [GA] Agent Installer for OpenShift Virtualization - Day-1 and Day-2 add a new node w/o an external registry
    • 100% To Do, 0% In Progress, 0% Done

      Epic Goal

      • Secure the communications with the Assisted Service instance running on the rendezvous node

      Why is this important?

      • Only authorized services can access Assisted Service running in the rendezvous node

      Scenarios

      1. During the initial phase of the installation, several actors need to interact with the Assisted Service instance running on the rendezvous node:
        • The assisted UI (running on the rendezvous node itself)
        • The assisted installer (agent) processes (running on all the nodes)

      Acceptance Criteria

      • External unauthorized processes will not be able to interact with the Assisted Service API

      Dependencies (internal and external)

      1. The token generation should be done in the above-the-sea UI level, as it will be differentiated per customer 

      Previous Work (Optional):

      1. Currently the automated ABI workflow implements by default an authentication and authorization mechanism to secure the AS interaction. A VIP PR documents it https://github.com/openshift/installer/pull/9224

      Open questions:

      1. Do we need to secure the user access to the Assisted UI via HTTPS?
      2. Does the user need to log in via some credentials to the Assisted UI?

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              ppinjark@redhat.com Pawan Pinjarkar
              afasano@redhat.com Andrea Fasano
              Rastislav Wagner