RHODS-2740 (Red Hat OpenShift Data Science)

Admin UI for mapping RHODS groups


    • RHODS 1.16

      Overview

      As an admin, I need to be able to define RHODS admin and user groups so I can set appropriate access rights without having to manually edit a config map file.

      Aspects of this story:

      • admin UI to map OpenShift groups to RHODS admin and RHODS user groups. Currently, this is done via a config map. We want to avoid admins having to manually edit config map files.

      Implementation

      We will develop a new settings panel to control the groups configuration (prototype: https://marvelapp.com/prototype/i8fjdjh/screen/87135387).

      The user will be able to:

      • Multi-select groups for the Data science administrator group. This will update the ConfigMap, storing the selected groups as a comma-separated value in admin-groups.
      • Multi-select groups for the Data science user group. This will update the ConfigMap, storing the selected groups as a comma-separated value in allowed_groups. We can have "system:authenticated" as a valid value to allow everyone who is authenticated in OpenShift.

      The dropdown will list all groups that currently exist in the cluster, and the user can select them in the panel.

      Edge-cases

      We can run into situations such as a group being selected in the panel and then deleted by a cluster admin. In those cases we could:

      1. Display an error showing that the group no longer exists in the cluster.
      2. Remove the group and the selection from the panel.

       

      Update

      Summarizing today's meeting:

      • we agreed that it wouldn't be a good behavior to automatically change the admin access permissions to RHODS dashboard
      • we agreed to force the "cluster-admins" to always be RHODS admins.
        • a cluster admin can access any setting of the cluster, so it makes sense to give them access to RHODS admin settings too 
        • there will always be at least one admin which can access the "Cluster settings" page in RHODS Dashboard (covers the discussions in the previous comments)
        • the UI (RHODS-3787)  and Docs will inform users about this design choice
      • we agreed not to force admin access for the "dedicated-admins" group
        • we want to have a restricted number of "admins by default" users 
        • yes, "dedicated-admins" can manually change the config maps, but it will break the contract. jdemoss@redhat.com may need to update the Service Definition document after this implementation is in place
        • "dedicated-admins" can still be set as RHODS admins in the configuration
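
The access rules from the implementation, edge-case and update notes above, written out as an added example (not the RHODS dashboard's own code). The function names, the user object shape and the sample group names are hypothetical, and it assumes "system:authenticated" is honoured only in allowed_groups and that RHODS admins are also RHODS users.

```javascript
// Added example: hypothetical helpers, not code from the RHODS dashboard.
const EVERYONE = 'system:authenticated'; // virtual group named in the story

// Split a comma-separated ConfigMap value into trimmed, de-duplicated names.
function parseGroups(value) {
  const names = (value || '').split(',').map((g) => g.trim()).filter(Boolean);
  return [...new Set(names)];
}

// Separate configured groups that still exist in the cluster from stale ones.
// virtualGroups lists names accepted without a backing Group object.
function checkGroups(configured, clusterGroups, virtualGroups = []) {
  const known = new Set([...clusterGroups, ...virtualGroups]);
  return {
    valid: configured.filter((g) => known.has(g)),
    missing: configured.filter((g) => !known.has(g)),
  };
}

// Decide access for one user. user.isClusterAdmin is assumed to come from a
// separate authorization check; user.groups from the identity provider.
function resolveAccess(config, clusterGroups, user) {
  const admin = checkGroups(parseGroups(config['admin-groups']), clusterGroups);
  // Assumption: only allowed_groups may use the "everyone" virtual group.
  const allowed = checkGroups(
    parseGroups(config['allowed_groups']), clusterGroups, [EVERYONE]);
  const member = (list) => list.some((g) => user.groups.includes(g));
  // Cluster admins are always RHODS admins, whatever the ConfigMap says.
  const isAdmin = user.isClusterAdmin === true || member(admin.valid);
  const isAllowed =
    isAdmin || allowed.valid.includes(EVERYONE) || member(allowed.valid);
  // Stale names grant nothing and are reported so the panel can flag them.
  const staleGroups = [...new Set([...admin.missing, ...allowed.missing])];
  return { isAdmin, isAllowed, staleGroups };
}

// Constructed sample data: "old-team" was deleted after being selected.
const SAMPLE_CONFIG = {
  'admin-groups': 'rhods-admins, old-team',
  allowed_groups: 'system:authenticated',
};
const SAMPLE_CLUSTER_GROUPS = ['rhods-admins', 'data-scientists'];
```

Ignoring stale names at decision time matters because a group later recreated under the same name would otherwise inherit the old admin mapping without anyone selecting it again.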

              lferrnan@redhat.com Lucas Fernandez Aragon
              jdemoss@redhat.com Jeff DeMoss
              Milind Waykole Milind Waykole