-
Feature
-
Resolution: Done
-
Critical
-
None
-
Strategic Portfolio Work
-
False
-
-
False
-
OCPSTRAT-6Tokenized Auth Enablement for OLM-managed Operators on AWS
-
0% To Do, 17% In Progress, 83% Done
-
0
-
Program Call
Feature Overview (aka. Goal Summary)
The following OLM-managed operators are deemed critical and shall be enabled for the standardized STS configuration flow (OCPBU-559):
- AWS ALB Operator
- AWS EFS Operator
- OADP
- Cluster Logging
Goals (aka. expected user outcomes)
Unblock critical functionality on ROSA with a streamlined, repeatable user experience to ease adoption of the service.
Requirements (aka. Acceptance Criteria):
- based on
OCPBU-559, the following operators will be enabled to support the standard configuration flow for STS:- ALB Operator
- EFS Operator
- OADP
- Cluster Logging
- the operators core logic and metadata will be adapted to enable the flow on the command line and the Console
Background
In interaction with ROSA customers these operators often come up as foundational to successful adoption of the platform. Having a streamlined process around installing these with integration into STS will enable security-conscious customers to adopt the platform faster.
Customer Considerations
Customers are trained to use the ccoctl tool to carry out IAM changes in conjunction with ROSA.
Documentation Considerations
Every one of these operators needs to clearly outline with IAM permissions are required and provide easy to follow steps to create them. This information should be visible from the operators description (part of the OLM metadata) as well as reside in the components official product documentation.
- blocks
-
OCPSTRAT-127 Continued STS enablement for selected OLM-managed operators
- In Progress
- is blocked by
-
OCPSTRAT-171 CloudCredentialOperator-based flow for OLM-managed operators and AWS STS
- Closed
- relates to
-
OCPSTRAT-110 Hypershift-enablement for short-lived token authentication flows with OLM-managed operators with CCO
- Closed
- links to