Epic
Resolution: Done
Add Authorization to internal Components of Agent Installer
OCPSTRAT-1571 - Add Authorization to internal Components of Agent-Based Installer
0% To Do, 10% In Progress, 90% Done
Installer (PB) Sprint 258, Installer (PB) Sprint 259, Installer Sprint 260, Installer Sprint 261, Installer Sprint 262, Installer (PB) Sprint 263
Epic Goal
- Implement authorization to secure API access for different user personas/actors in the agent-based installer.
- User Personas:
  - Read-Only Access: For "wait-for" and "monitor-add-nodes" commands.
  - Read-Write Access: For systemd services and the agent service.
Why is this important?
- The agent-based installer APIs have implemented basic security measures through authentication, as covered in AGENT-145. To further enhance security, it is crucial to implement user persona/actor-based authorization, allowing for differentiated access control, such as read-only or read-write permissions, based on the user's role. This approach will provide a more robust and secure API framework, ensuring that users can only perform actions appropriate to their role.
Scenarios
- Users running the wait-for or monitor-add-nodes commands should have read-only permissions. They should not be able to write to the API. If they attempt to perform write operations, appropriate error messages could be displayed, indicating that they are not authorized to write.
- Users associated with running systemd services should have both read and write permissions.
- Users associated with running the agent service should also have read and write permissions.
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- ...
Dependencies (internal and external)
- ...
Previous Work (Optional):
Open questions:
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- is blocked by AGENT-145 Add Authentication to internal Components of Agent Installer (Closed)