Uploaded image for project: 'RH Developer Hub Planning'
  1. RH Developer Hub Planning
  2. RHDHPLAN-933

Decouple the RHDH backend from authentication module plugins

Create Doc EPIC from R...Prepare for Z ReleasePrepare Test Plan (Y R...XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      Now that authentication modules appear to mostly support declarative configuration there isn't as much need for our built-in authentication module, or for the backend to continue to statically depend on the entire suite of possible authentication modules listed here. As it should be possible to install authentication modules via dynamic plugins, we could extract out this authentication module's functionality into a set of distinct plugins and relevant configurations. This way users would then configure the authentication modules they want as dynamic plugins, along with the configuration relevant to those authentication modules.

      Changes relevant to the frontend would be done as part of adopting the new frontend system. It should be possible to implement this backend change without affecting the frontend, as the frontend code is also controlled by the authentication provider configuration, with the exception of possibly SCMAuth setups, but cases where that has needed modification have already required using ENABLE_AUTH_MODULE_OVERRIDE.

      Note: This however does mean that backend authentication modules would then need to be managed by users in the dynamic plugins configuration.

      Background/Feature Origin

      This is a follow on step from the work done for RHIDP-5484, and relevant to RHDHPLAN-740

      Why is this important?

      This will simplify implementing more elaborate authentication configuration and reduce the effort to keep the authentication module up to date in future releases. Also removing these dependencies from the backend will simplify the backend dependency tree.

      Documentation Impact

      This feature would have an impact on documentation, as the user would need to decide on what list of authentication provider modules they need and configure those dynamic plugins accordingly. The user would need to be guided on the most appropriate place to put authentication provider module configuration, i.e. if we decide to bake defaults into our authentication module configuration the user should be informed how these defaults could be overridden.

              rh-ee-jhe Jessica He
              stlewis_2 Stan Lewis
              RHDH Security
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: