  1. Service Binding
  2. APPSVC-1310

Secret for RegisteredService protected data


    • Story
    • Resolution: Done
    • Major
    • Primaza 0.1
    • None
    • Service Binding
    • None
    • AppSvc Sprint 234, AppSvc Sprint 235

      Owner: Architect:

      Francesco Ilario

      Story (Required)

      As a Primaza Developer, I would like Primaza to store Registered Service connection data in a Secret so that sensitive information is isolated.

      Background (Required)

      As defined in the Primaza architecture document, Registered Services store extracted data in the serviceEndpointDefinition field.
      As of now, all data is stored in the Registered Service structure, even sensitive data.
      We need to move this data out and store it in a Secret that has to be pushed together with the Registered Service.

      See epic for arch document link.

      Glossary

      See glossary in architecture document

      Out of scope

      NA

      In Scope

      • declare sensitive data
      • store sensitive data in a Secret
      • Service Agent's Service Class Controller pushes the secret to Primaza

      Approach (Required)

      Modify the ServiceClass's Resource.ServiceEndpointDefinitionMapping list so that its entries have the following format:

      resource:
          serviceEndpointDefinitionMapping:
          - name: <name>
            jsonPath: <jsonpath expression>
            sensitive: true|false # default true

      When building the Registered Service from a Service Class, also create the Secret with the protected data.
      When creating the Secret in Primaza's Control Plane namespace, set the Registered Service as the owner of the Secret.
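
The Go example below is added here for illustration and is not Primaza's code: it shows how the `sensitive` flag, with its default of true, could route each mapped value either to the Registered Service or to the Secret. The `Mapping` type and `Split` function are hypothetical names, and it assumes the JSONPath expressions have already been evaluated into a name-to-value map.

```go
package main

import "fmt"

// Mapping mirrors one serviceEndpointDefinitionMapping entry from the story.
// Hypothetical type for this example, not Primaza's API.
type Mapping struct {
	Name      string
	JSONPath  string
	Sensitive *bool // nil when the manifest omits the field
}

// IsSensitive applies the story's default: an omitted flag means sensitive.
func (m Mapping) IsSensitive() bool { return m.Sensitive == nil || *m.Sensitive }

// Split routes each extracted value either to the data kept inline in the
// Registered Service or to the data of the Secret pushed with it.
// extracted holds values already resolved from each JSONPath (assumption:
// JSONPath evaluation happens earlier and is out of scope here).
func Split(ms []Mapping, extracted map[string]string) (inline map[string]string, secret map[string][]byte, err error) {
	inline, secret = map[string]string{}, map[string][]byte{}
	seen := map[string]bool{}
	for _, m := range ms {
		if seen[m.Name] {
			// Two entries with one name could disagree on sensitivity; refuse.
			return nil, nil, fmt.Errorf("duplicate mapping name %q", m.Name)
		}
		seen[m.Name] = true
		v, ok := extracted[m.Name]
		if !ok {
			return nil, nil, fmt.Errorf("no value extracted for %q", m.Name)
		}
		if m.IsSensitive() {
			secret[m.Name] = []byte(v)
		} else {
			inline[m.Name] = v
		}
	}
	return inline, secret, nil
}

func main() {
	no := false
	// Constructed sample: only "host" is explicitly marked non-sensitive.
	ms := []Mapping{
		{Name: "host", JSONPath: ".status.host", Sensitive: &no},
		{Name: "password", JSONPath: ".spec.password"},
	}
	in, sec, err := Split(ms, map[string]string{"host": "db.example.internal", "password": "constructed-value"})
	fmt.Println(in, len(sec), err)
}
```

Using a pointer for `Sensitive` is what lets an omitted field be told apart from an explicit `false`, so a forgotten flag lands the value in the Secret rather than in the Registered Service.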

      Demo requirements (Required)

      NA

      Dependencies

      NA

      Edge Case

      NA

      BDD Tests

      You can find BDD Test specification for this story in the "Testing Instruction" Field Tab or in the GitHub Issue linked to this story.

      Acceptance Criteria

      • Development
        ServiceClass controller creates a secret with the RegisteredService protected data
      • QE
        There are test cases for creation and deletion of RegisteredService with protected data
      • Docs
        There is a section in our RegisteredService/ServiceClass docs dedicated to explaining how we manage Service protected data
        Update architecture document with any changes while implementing

      INVEST Checklist

      Dependencies identified
      Blockers noted and expected delivery timelines set
      Design is implementable
      Acceptance criteria agreed upon
      Story estimated


              ansadler@redhat.com Andy Sadler
              rh-ee-filario Francesco Ilario