Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-32505

Remove Openshift OAuth provider for OCP 4.20 when external OAuth enabled

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • None
    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-2658Layered Operators Validation with OpenShift Bring Your Own External Authentication
    • Not Selected
    • Hide

      PARENT: OCPSTRAT-2658 - Layered Operators Validation with OpenShift Bring Your Own External Authentication

      DUE DATE: All layered product operators on OpenShift work correctly when BYO External Authentication is enabled.

      ACS PLAN:

      • Deprecation notice for OpenShift OAuth as IDP for ACS to be added by ACS 5.0
      • 2 releases before actual deprecation

       

      Show
      PARENT: OCPSTRAT-2658  - Layered Operators Validation with OpenShift Bring Your Own External Authentication DUE DATE: All layered product operators on OpenShift work correctly when BYO External Authentication is enabled. ACS PLAN: Deprecation notice for OpenShift OAuth as IDP for ACS to be added by ACS 5.0 2 releases before actual deprecation  

      Goal Summary:

      An elevator pitch (value statement) that describes the Feature in a clear, concise way.

      Openshift OAuth is disabled when external OAuth is enabled in OCP 4.20+.  Therefore ACS needs to ensure its Openshift OAuth provider is not available when external OAuth is enabled in OCP.

      Goals and expected user outcomes:

      The observable functionality that the user now has as a result of receiving this feature. Include the anticipated primary user type/persona and which existing features, if any, will be expanded. Complete during New status.

      • Cluster/ACS admins will be notified of upcoming potential loss of Openshift OAuth provider
      • Cluster/ACS admins won't be able to choose Openshift OAuth as an auth provider when OCP has external OAuth enabled.

      Acceptance Criteria:

      A list of specific needs or objectives that a feature must deliver in order to be considered complete. Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc. Initial completion during Refinement status.

      • TBD: What to do when external auth is enabled on OCP and ACS already has Openshift OAuth enabled?  Remove it, disable it, or let it fail?
      • The Openshift OAuth provider is still available when OCP has external OAuth disabled.
      • A warning banner and/or administrative event should be created when Openshift OAuth provider is currentl created.
      • A warning banner should be displayed when creating an Openshift OAuth provider.

      Success Criteria or KPIs measured:

      A list of specific, measurable criteria that will be used to determine if the feature is successful. Include key performance indicators (KPIs) or other metrics., etc. Initial completion during Refinement status.

      <enter success criteria and/or KPIs here>

      Use Cases (Optional):

      Include use case diagrams, main success scenarios, alternative flow scenarios together with user type/persona. Initial completion during Refinement status.

      <your text here>

      Out of Scope (Optional):

      High-level list of items that are out of scope. Initial completion during Refinement status.

      • Currently out of scope: Don't try to sync external OAuth configs from OCP. 

              atelang@redhat.com Anjali Telang
              rh-ee-klape Kyle Lape
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: