Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-3303

TEP-0026: Pluggable Interceptors - Multi-tenant implementation

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • 8
    • False
    • None
    • False
    • Not Selected
    • Pipelines Sprint 225

      Today, interceptors can be configured directly in EventListener definition, which allows Teams to have their own/custom interceptors configured and managed in their namespace without the need of having any specific permissions (only admin permissions in the namespace).

      With TEP-0026: Pluggable Interceptors this will go away (as per Any current Interceptor configuration is still usable (until beta) in the new model without requiring any manual changes on part of the end user. As part of beta, we can deprecate the old syntax.) and therefore require elevated privileges to create/register their custom interceptors.

      In OpenShift Container Platform 4 - Clusters hosting multiple tenants, this will cause massive disruptions as specific tenants will have difficulties to register/create custom interceptors depending on the permissions given or else they will be shared with different tenants which is also not acceptable.

      It's therefore requested to either re-consider the deprecation of the current functionality where the interceptors can be configured directly in EventListener or else provide an approach with the new implementation that allows to use it on tenant level, where the resources are completely isolated on namespace level.

      Key goal should be that namespace admin can create and manage it's custom interceptors without requiring elevated permissions and that the resources are restricted and thus not visible to other tenants and therefore namespaces.

              rh-ee-ksaha Koustav Saha
              rhn-support-sreber Simon Reber
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: