Uploaded image for project: 'Red Hat Internal Developer Platform'
  1. Red Hat Internal Developer Platform
  2. RHIDP-2723

RBAC Backend plugin module support

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Major Major
    • 1.3.0
    • None
    • Permissions
    • None
    • RBAC Backend plugin module support
    • False
    • Hide

      None

      Show
      None
    • False
    • RHDHPLAN-493RBAC Backend plugin module support
    • To Do
    • RHDHPLAN-493 - RBAC Backend plugin module support
    • QE Needed, Docs Needed, TE Needed, Customer Facing, PX Needed
    • 0% To Do, 0% In Progress, 100% Done
    • With this update, {product-short} can load roles and permissions into the RBAC Backend plugin through the use of extension points with the help of a plugin module.
    • Enhancement
    • Done

      EPIC Goal

      What are we trying to solve here?

      Provide support to potentially load in additional roles from external identity and access management solutions.

      Background/Feature Origin

      RBAC Backend plugin allows admins to create roles and permissions that can be used to limit access with Backstage and RHDH. These roles and permissions are only able to be created by using either the RBAC backend plugin either through the use of a CSV file or the REST API. Also, there are other tooling that admins can use to create permissions and roles with. At the moment users would need to create permissions and roles within both the RBAC plugin and whatever other identity and access management tooling they are currently using as there is currently no way to sync the two. This leads to a lot of potential duplication that will need to be managed.

      Why is this important?

      This duplication can lead to issues and headaches for the admins of RHDH. One such issue is in the event that there the role in the RBAC plugin is out of sync with a role in another tooling option. We could image a user being removed within the tooling but never properly removed in the RBAC plugin potentially leading to other headaches down the line.

      Solution

      To combat this, we could attempt to expose extension points that could be used by plugin modules to load in permissions and roles from various tooling. Modules could be separate plugins that are either created by the Janus IDP team or even the community with a focus around a particular tool.

      User Scenarios

      • Ability to load in roles and permissions into the RBAC Backend plugin through the use of extension points with the help of a plugin module
      • Ability to schedule how often I would want these roles and permissions synced to the RBAC Backend plugin.

      Dependencies (internal and external)

      Acceptance Criteria

      Release Enablement/Demo - Provide necessary release enablement details
      and documents

      DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
      Issue>

      DEV - Upstream documentation merged: <link to meaningful PR or GitHub
      Issue>

      DEV - Downstream build attached to advisory: <link to errata>

      QE - Test plans in Playwright: <link or reference to playwright>

      QE - Automated tests merged: <link or reference to automated tests>

      DOC - Downstream documentation merged: <link to meaningful PR>

      Additional note

      This epic is based on this documentation that I have written. Included in the documentation are my thoughts on what will be needed to accomplish this goal.

              rh-ee-pknight Patrick Knight
              rh-ee-pknight Patrick Knight
              RHDH Plugins
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: