Uploaded image for project: 'OpenShift API Server'
  1. OpenShift API Server
  2. API-1667

openshift-apiserver works with external OIDC

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Undefined Undefined
    • openshift-4.15
    • None
    • api
    • None
    • openshift-apiserver works with external OIDC
    • BU Product Work
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-946 - openshift-apiserver must function with external OIDC
    • OCPSTRAT-946openshift-apiserver must function with external OIDC
    • 0% To Do, 0% In Progress, 100% Done

      Epic Goal*

      openshift-apiserver (OAS) depends oauth-apiserver APIs such as User API and oauth client for some of its functionalities such as creating projects. When customers elect to use external OIDC, the built-in oauth may no longer be available or being removed altogether. OAS must continue work under that condition. If there are expected failures due to disabled/removed oauth, warnings/errors must be properly displayed/logged to ensure customers are aware.

       
      Why is this important? (mandatory)

      openshift-apiserver is responsible for handling project creation requests. Creating projects has been an important step for the customers to organize/manage their workloads. As a result, creating projects must be functional if built-in oauth is disabled/removed and works with external OIDC if possible.

      Without built-in oauth, project limit request will not be available as it needs User API from oauth to function. So this limitation must be documented.

       
      Scenarios (mandatory) 

      Provide details for user scenarios including actions to be performed, platform specifications, and user personas.  

      1.  

       
      Dependencies (internal and external) (mandatory)

      Auth

      Contributing Teams(and contacts) (mandatory) 

      Our expectation is that teams would modify the list below to fit the epic. Some epics may not need all the default groups but what is included here should accurately reflect who will be involved in delivering the epic.

      • Development - Standa Laznicka
      • Documentation - Andrea Hoffer
      • QE - Wei Sun
      • PX - 
      • Others -

      Acceptance Criteria (optional)

      Provide some (testable) examples of how we will know if we have achieved the epic goal.  

      Drawbacks or Risk (optional)

      Reasons we should consider NOT doing this such as: limited audience for the feature, feature will be superseded by other work that is planned, resulting feature will introduce substantial administrative complexity or user confusion, etc.

      Done - Checklist (mandatory)

      The following points apply to all epics and are what the OpenShift team believes are the minimum set of criteria that epics should meet for us to consider them potentially shippable. We request that epic owners modify this list to reflect the work to be completed in order to produce something that is potentially shippable.

      • CI Testing -  Basic e2e automationTests are merged and completing successfully
      • Documentation - Content development is complete.
      • QE - Test scenarios are written and executed successfully.
      • Technical Enablement - Slides are complete (if requested by PLM)
      • Engineering Stories Merged
      • All associated work items with the Epic are closed
      • Epic status should be “Release Pending” 

              vdinh@redhat.com Vu Dinh
              vdinh@redhat.com Vu Dinh
              Ke Wang Ke Wang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: