-
Story
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
3
-
False
-
-
False
-
XCMSTRAT-580 - [UI Portion] External OIDC Configuration via OCM in HCP
-
-
-
OCM Core Sprint 253, OCMUI Core Sprint 254, OCMUI Core Sprint 255, OCMUI Core Sprint 256, OCMUI Core Sprint 257
External Authentication currently uses subscription permissions to verify a user's authorization to make changes to external authentication providers and credentials. The api uses cluster permissions and if the subscription and cluster permissions did not align, there could be unexpected behavior.
- This work will be held off until
OCMUI-1389closes (passes QE). - This work will be held off until
OCMUI-1618merges. - API: https://gitlab.cee.redhat.com/service/uhc-clusters-service/-/blob/master/pkg/osd/external_auth_service.go?ref_type=heads#L131
A.C.
- Cluster permissions will be used for all permissions checks in external authentication
- specifically, canUpdateClusterResource will replace canEdit
- 2 files affected: BreakGlassCredentialList.tsx and ExternalAuthProviderList.tsx