- Epic
- Resolution: Unresolved
- Major
- None
- None
- None
- Token minter and federated identities for operators running management side with access to customer azure account
- False
- None
- False
- Not Selected
- To Do
- 100% To Do, 0% In Progress, 0% Done
- Hypershift Sprint 246, Hypershift Sprint 247
- 0
- 0
- 0
User Story:
- As a service provider following security best practices, I don't want to have privileged access to users' cloud account credentials.
Acceptance Criteria:
- Enable a token minter similar to what we've done in AWS, for components running on the management side that require access to the customer Azure account.
- All components consume a minted token:
  - Ingress
  - Registry
  - Storage
  - Networking
  - Kube cloud provider
  - Nodepool management (CAPZ)
  - CPO (private link endpoints)
_Need to discuss with Ben Vesel before agreeing on a design for this feature_ - https://docs.google.com/document/d/1pqLO0IVu0_TIRxDMn5OWUodSSt9I-Fg0XWxwm7hgV80/edit?disco=AAAA6fEH_gA_
https://redhat-internal.slack.com/archives/C05Q232L29E/p1697034263321229
(optional) Out of Scope:
Detail about what is specifically not being delivered in the story
Engineering Details:
- (optional) https://github/com/link.to.enhancement/
- (optional) https://issues.redhat.com/link.to.spike
- Engineering detail 1
- Engineering detail 2
This requires/does not require a design proposal.
This requires/does not require a feature gate.