Owner: Architect:

Francesco Ilario

Story (Required)

As a Primaza Administrator, I would like primazactl to check users' permissions before perform procedures so that I'm more confident a procedure won't fail for lack of permissions.

Background (Required)

As described in Primaza's architecture document, we need to define a simple Command Line Application for Primaza Administrator.
The tool will help Primaza Administrators installing Primaza on a cluster and configuring Worker clusters.

Before starting complex procedures, like configure a Primaza or Worker cluster, primazactl should check if the user it's configured to use has the needed permissions.

See epic for arch document link.

Glossary

See glossary in architecture document

Out of scope

• primazactl commands that do not involve changes (i.e., read-only)

In Scope

• primazactl commands that apply changes

Approach(Required)

Use the Kubernetes APIs that kubectl auth can-i is using.

Demo requirements(Required)

A great demo will show the command failing before starting the procedure because of missing permissions for one of the last operation the procedure would have executed.

Dependencies

• primazactl

• Edge Case

NA

BDD Tests

NA

Acceptance Criteria

• Development
  primazactl checks whether it has all the needed permissions for working on target namespaces

• QE
  There are test cases for missing permissions scenario

• Docs
  There is a section in primazactl docs dedicated to explaining what permissions are needed for commands and how permissions check works.
  Update architecture document with any changes while implementing

INVEST Checklist

Dependencies identified
Blockers noted and expected delivery timelines set
Design is implementable
Acceptance criteria agreed upon
Story estimated

Legend

Unknown
Verified
Unsatisfied