Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- tc-approved

Story Points:
5
Blocked:
True
Blocked Reason:

Hide

~~OCMUI-1765~~, ~~OCMUI-1768~~, ~~OCMUI-1769~~

Show
OCMUI-1765 , OCMUI-1768 , OCMUI-1769
Ready:
False
Epic Link:
ROSA HCP cluster must be configurable with external OIDC
Feature Link:
XCMSTRAT-580 - [UI Portion] External OIDC Configuration via OCM in HCP
Intelligence Requested:
Market:

Sprint:
OCM Core Sprint 253, OCMUI Core Sprint 254

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

For HCP clusters that have the external_auth_config enable flag set to true, a new menu option is needed for the access control tab on the overview page.

The "External Authentication" section will allow for 2 initial functions:

1) Setup external authentication provider (this is the work for this ticket)

2) Users will be able to associate external users to cluster admin functions using the "break glass" (see ~~OCMUI-1618~~)

https://docs.google.com/document/d/1HaEaQKzzQqNMiPxovnYWasLB2yVjHnsfSIs1q8BWD2Q/edit#heading=h.2vltyx50ycbv

Before issuing the command to add the external provider, the provider needs to be setup with instructions in the above document. Specifically the id, url and audiences items.

Setting up external provider looks like this:

 
echo '{
   "id": "m-entra-id",
   "issuer": {
        "url": "https://login.microsoftonline.com/fa5d3dd8-b8ec-4407-a55c-ced639f1c8c5/v2.0",
        "audiences": [
            "a9464024-b142-4bdf-86c0-a153109cdb14"
        ]
   },
   "claim": {
        "mappings": {
            "username": {
                "claim": "email"
            },
            "groups": {
                "claim": "groups"
            }
        }
   }
}' | ocm post /api/clusters_mgmt/v1/clusters/29b4kri70gup8le2iutt3db59plj3069/external_auth_config/external_auths

Acceptance Criteria:

1) User will see the "External Authentication" section

2) Users will be able to add/edit/delete a new external auth provider

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

Screenshot 2024-05-20 at 1.04.41 PM.png
353 kB
2024/05/20 8:05 PM
Screenshot 2024-05-20 at 12.26.51 PM.png
107 kB
2024/05/20 8:02 PM

is depended on by

OCMUI-1618 UI Break Glass - allow user to create access for externally controlled cluster

Closed

is related to

OCMUI-1765 [Hypershift ROSA] Name and Issuer URL fields are missing on the Add external authentication provider dialog

Closed

OCMUI-1817 [OCM-UI] [Hypershift-ROSA] [External authentication] CA file contents are not uploaded when the user clears the existing contents and uploads them again

Closed

OCMUI-1769 [OCM-UI][Hypershift-ROSA] The error message for invalid user input is unclear

Closed

OCMUI-1768 [OCM-UI] Empty section is shown for CA file contents when user erases the content and hits the Add button

Closed

links to

OCP-73562

mentioned on

Merge request - OCMUI-1494,OCMUI-1422: View/Add/Delete External authentication provider

Merge request - OCMUI-1618: Add and view break glass credentials

Merge request - Release candidate Jun 5, 2024

(1 links to, 3 mentioned on)

Assignee:: Zac Herman

Reporter:: David Taylor

QA Contact:: LAKSHMI SHIVANTHI AMARACHINTHA

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024/03/01 1:00 PM

Updated:: 2024/06/06 11:51 PM

Resolved:: 2024/06/03 7:52 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates