-
Epic
-
Resolution: Done
-
Undefined
-
None
-
None
-
None
-
Add RBAC to Perses Dashboards in OpenShift
-
Product / Portfolio Work
-
OBSDA-1019Connect Perses authentication and authorization to OpenShift authentication and authorization
-
0% To Do, 0% In Progress, 100% Done
-
False
-
-
False
-
Not Selected
-
None
-
None
-
None
Description
“In order to allow customers and teams to define access rules to Perses dashboards in OCP , we as the Observability UI Team need to connect the Perses RBAC with the OpenShift (k8s) RBAC”
Goals & Outcomes
Product Requirements:
- OCP users can create role bindings to specific users have access to specific dashboards in a namespace (perses project)
Engineering/Data Analytics Requirements:
- GlobalRoles to allow access to dashboards are created by COO, the following roles will be created by default:
-
- perses-dashboards-viewer: This will allow to see all the dashboards
- perses-dashboards-editor: This will allow to edit all the dashboards
- The global roles should be assigned to the service account of the perses-operator so it can reconcile the Dashboards created as CRs
Documentation
https://perses.dev/perses/docs/auth/authorization/
Open Questions
- Should the perses operator should reconcile the roles created in k8s with the perses API roles?
- We probably need to adjust Perses backend auth, so it can delegate the authorization to the perses operator or some proxy that checks k8s roles.
- is duplicated by
-
-
- Verified
-
-
-
- Closed
-
- is related to
-
COO-1013 [COO1.2.1] - Monitoring UIPlugin is not reconciled when all flags are false
-
- Verified
-
-
-
- Verified
-
-
-
- Verified
-
-
-
- Closed
-
-
-
- Closed
-
-
OU-786 [Perses] Use Perses variables selectors and skin them with Patternfly guidelines
-
- Closed
-
-
OU-875 [COO1.2.1] - Update COO's team Acceptance Test doc with Perses RBAC testing
-
- Closed
-