-
Epic
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
DJ-IDM: RBAC
-
To Do
-
0% To Do, 0% In Progress, 100% Done
-
False
NOTE: ticket supersedes https://issues.redhat.com/browse/HMS-1371
Goal:
- Define and implement the RBAC CRUD permissions for the IdP registry service
Acceptance Criteria:
- RBAC permissions are defined:
- A draft document:
https://docs.google.com/document/d/1NHg1bPfQ5qbaSBfOYzERzYY83NWBAISDHPU6K-Ba1vc/edit# - A PR merged at rbac-config repository:
https://github.com/RedHatInsights/rbac-config
- A draft document:
- RBAC permissions enforced in the service API.
- Middleware component (see hmscontent middleware at: https://github.com/content-services/content-sources-backend/tree/main/pkg/middleware ).
- Unit tests:
- Add unit tests to cover the middleware behavior and edge cases.
(See hmscontent at: https://github.com/content-services/content-sources-backend/blob/main/pkg/middleware/rbac_test.go )
- Add unit tests to cover the middleware behavior and edge cases.
- The middleware can be enabled/disabled from the config.yaml (by default enabled), and the base url for the rbac service can be set up from the configuration.
Out of scope:
- Create a rbac mock to get expected responses when running locally.
Additional Information:
- Introduction: https://docs.google.com/presentation/d/1vWUg5rFnd4LoK-GztxPUuCrRwEA6jUTnH2bfzYD8ck4/edit#slide=id.ge1972098fe_0_210
- Client:
- Mocks:
- Look at enhancement in hmscontent by using caching for the rbac request, and evaluate if add them as part of this ticket; probably this should be add in a different ticket:
https://issues.redhat.com/browse/HMS-1735 - Related: https://redhat-internal.slack.com/archives/C023VGW21NU/p1686579925891739
- Related: https://issues.redhat.com/browse/HMS-470