Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-27858

Policy as code GA

XMLWordPrintable

    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • 0% To Do, 0% In Progress, 100% Done
    • Hide
      Policy-as-code adds the ability to manage RHACS policies as Kubernetes custom resources, enabling GitOps workflows using tools like Red Hat GitOps (Argo CD). This capability is now GA, featuring multiple enhancements including:
      - Clusters and notifiers are addressed by name instead of UUID
      - Additional error handling

      For more information, see [ XXX Managing policies as code].
      Show
      Policy-as-code adds the ability to manage RHACS policies as Kubernetes custom resources, enabling GitOps workflows using tools like Red Hat GitOps (Argo CD). This capability is now GA, featuring multiple enhancements including: - Clusters and notifiers are addressed by name instead of UUID - Additional error handling For more information, see [ XXX Managing policies as code].
    • Proposed
    • Yes
    • 0

      Description:

      Goal Summary:

      Allow customers to use PaC in production.

      At least one of our top 50 customers does not even agree to test non GA features.

      Goals and expected user outcomes:

      We need to add the minimal missing viable pieces for PaC to go GA.

      Ideally, leading into the development, we would solicit additional feedback from users of 4.6 and 4.7, but even if we don't, we will go GA with what we know, as follows:

      Functional Requirements 

      1. Stable API: As a security or devops engineer developing ACS policies,
        • I need to know that the CRD is stable so so that future changes would be backwards compatible. For that I expect the API version to be a stable version such as "v1"
      2. Names for UUID: As a security or devops engineer developing ACS policies,
        • I need the CR to include a cluster NAME and notifier NAME instead of (in addition to) UUID so that my policies can be applied by automation and not be dependent on the cluster where the policy was originally created.

       

      Technical Requirements

      See epic: ROX-26529

      Acceptance Criteria:

      A list of specific needs or objectives that a feature must deliver in order
      to be considered complete. Be sure to include nonfunctional requirements
      such as security, reliability, performance, maintainability, scalability,
      usability, etc. Initial completion during Refinement status.

      <enter general Feature acceptance here>

      Success Criteria or KPIs measured:

      A list of specific, measurable criteria that will be used to determine if
      the feature is successful. Include key performance indicators (KPIs) or
      other metrics., etc. Initial completion during Refinement status.

      <enter success criteria and/or KPIs here>

              bmichael@redhat.com Boaz Michaely
              bmichael@redhat.com Boaz Michaely
              Boaz Michaely Boaz Michaely
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: