Uploaded image for project: 'OpenShift Installer'
  1. OpenShift Installer
  2. CORS-3883

Azure: Remove Automatic Identity Creation

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • Azure Identity Refactor
    • Product / Portfolio Work
    • OCPSTRAT-1916Azure - Remove not required permissions from the Nodes
    • 0% To Do, 0% In Progress, 100% Done
    • False
    • Hide

      None

      Show
      None
    • False
    • Green
    • Hide

      3/14: The entire implementation (but no validation) is in code review and has had positive pre-merge testing with some minor changes being addressed. This is on track. If anythiing slips, it would be validation and that would be fine to handle as a bug, but I don't think that will be necessary.

      Show
      3/14: The entire implementation (but no validation) is in code review and has had positive pre-merge testing with some minor changes being addressed. This is on track. If anythiing slips, it would be validation and that would be fine to handle as a bug, but I don't think that will be necessary.
    • None

      OCP/Telco Definition of Done
      Epic Template descriptions and documentation.

      <--- Cut-n-Paste the entire contents of this description into your new Epic --->

      Epic Goal

      • Remove automatic (opinionated) creation (and attachment) of identities to Azure nodes
      • Allow API to configure identities for nodes

      Why is this important?

      • Creating and attaching identities to nodes requires elevated permissions
      • The identities are no longer required (or used) so we can reduce the required permissions

      Scenarios

      1. Users want to do a default ipi install that just works without the User Access Admin role
      2. Users want to BYO user-assigned identity (requires some permissions)
      3. Users want to use a system assigned identity

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.
      • ...

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      Open questions::

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              padillon Patrick Dillon
              padillon Patrick Dillon
              None
              None
              Jinyun Ma Jinyun Ma
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: