  1. Red Hat Advanced Cluster Security
  2. ROX-29070

Support declarative configuration for ACS machine access configuration

    • Feature
    • Resolution: Done
    • Critical
    • 4.9.0
    • Product / Portfolio Work
    • 0% To Do, 0% In Progress, 100% Done
    • RHACS customers can now declaratively configure machine-to-machine (m2m) OIDC authentication. To configure m2m auth resources, you create YAML files that contain the configuration information. These files are used to create a ConfigMap or Secret that is added to Central by using a mount point during installation of the RHACS Central resource. Refer to the declarative configuration documentation for an example of setting up declarative configuration for short-lived OIDC token usage.
    • Feature
    • Yes

      Goal Summary:

      RHACS customers would like to use declarative configuration to set up m2m OIDC authentication. Today, declarative configuration is already available for setting up authentication resources other than m2m OIDC authentication. Having a declarative configuration helps customers automate the creation and management of these resources.

      Goals and expected user outcomes:

      Provide declarative configuration for m2m access between RHACS Central and an OIDC identity provider, as described here: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.4/html/operating/managing-user-access#configure-short-lived-access

      Acceptance Criteria:

      The user is able to create m2m auth declaratively using the current approach of ConfigMaps/Secrets.

      Success Criteria or KPIs measured:

      1. The user is able to create m2m auth declaratively using the current approach of ConfigMaps/Secrets with OIDC identity providers.
      2. After this setup is created, the user can exchange OIDC tokens from the IdP for an RHACS Central API token and access RHACS API resources successfully.

      Out of Scope (Optional):

      Changing ConfigMaps to CRDs is out of scope for this feature request. We will need a separate request for that.

              atelang@redhat.com Anjali Telang
              rhn-support-bsmitley Brandon Smitley
              Anjali Telang Anjali Telang
              ACS Sensor & Ecosystem