Story
Resolution: Unresolved
This user story outlines the creation of a declarative authorization rule framework for the RHOAI platform that uses label selectors to link authorization rules to cluster components such as services.
The central piece is the AuthRule, a data structure intended to simplify the application of authorization policies.
This resource should initially support:
- rules for Kubernetes SubjectAccessReview (aiming for feature parity with Authorino's AuthConfig)
- a list of hosts it applies to, ensuring targeted policy enforcement
- the ability to exclude certain paths from the auth(z) rules
Acceptance Criteria:
- Developers can define an AuthRule using a declarative syntax, incorporating label selectors for direct linkage to cluster components.
- AuthRule supports the definition of Kubernetes SubjectAccessReview rules and includes a specification for applicable hosts.
1. [AuthConfig/SAR] investigate user/group rules check | New | Unassigned