-
Epic
-
Resolution: Done
-
Critical
-
None
-
only-cluster-admin-migrations
-
Product / Portfolio Work
-
77
-
- cluster-admins have permission to LM
- namespaces admins do not have the permission to LM by default
- a role exists to grant permissions to any user/group as opt-in
-
Green
-
Done
-
VIRTSTRAT-226 - Live migration to specific node
-
-
0% To Do, 0% In Progress, 100% Done
-
Goal
Today, any namespace admin can create and trigger migrations.
In order to avoid abuse, let's limit the triggering of migrations to cluster-admins.
Before the change namespace admins (system:admin) can trigger migrations.
After the change namespace admins can not trigger migrations.
The reasoning is that moving VMs on the infra level, without impact to the user, is an infra admin - clsuter-admin - only task.
User Stories
- "As a cluster admin, I want to be the only human to trigger VM live migrations, so that nobody can abuse this mechanism.
- another user story
Non-Requirements
- List of things not included in this epic, to alleviate any doubt raised during the grooming process.
Notes
- Any additional details or decisions made/needed
- mentioned on
1.
|
upstream roadmap issue |
|
Closed | 
|
Unassigned |
2.
|
upstream design |
|
Closed |
|
Unassigned |
3.
|
upstream documentation |
|
Closed |
|
Unassigned |
4.
|
upgrade consideration |
|
Closed |
|
Unassigned |
5.
|
CEE/PX summary presentation |
|
Closed |
|
Kedar Bidarkar |
6.
|
test plans in polarion |
|
Closed |
|
Unassigned |
7.
|
automated tests |
|
Closed |
|
Unassigned |
8.
|
downstream documentation merged |
|
Closed |
|
Unassigned |
