Epic Goal

• The Goal of the epic is to add support for External Authentication feature introduced in OCP 4.19 for enabling SingleSignOn support in OpenShift GitOps.

Why is this important?

• In OCP 4.19, there is an optional feature called External Authentication that supports RHBK based SingleSignOn Support. This optional feature will be enabled by default be GA-ed in OCP 4.20 onwards.

Scenarios

1. User keeps the optional feature disabled. In this case, OAuth support with Dex needs to be supported by the GitOps Operator.
2. User explicitly enables the optional feature for External Authentication in OCP 4.19 cluster. In this case, the operator should not configure the default Dex based SSO configiuration and instead rely on the operator provided oidcConfig.

Other Considerations

References

OpenShift External Authentication Reference Architecture

Definition of Ready

• The epic has been broken down into stories.
• Stories have been scoped.
• The epic has been stack ranked.

Definition of Done

• Code Complete:
  • All code has been written, reviewed, and approved.
• Tested:
  • Unit tests have been written and passed.
  • Integration tests have been completed.
  • System tests have been conducted, and all critical bugs have been fixed.
  • Tested on OpenShift either upstream or downstream on a local build.
• Documentation:
  • User documentation or release notes have been written.
• Build:
  • Code has been successfully built and integrated into the main repository / project.
• Review:
  • Code has been peer-reviewed and meets coding standards.
  • All acceptance criteria defined in the user story have been met.
  • Tested by reviewer on OpenShift.
• Deployment:
  • The feature has been deployed on OpenShift cluster for testing.
• Acceptance:
  • Product Manager or stakeholder has reviewed and accepted the work.