- Epic
- Resolution: Done
- Major
- None
- None
- Pluggable interceptors
- 8
- False
- None
- False
- To Do
- Pipelines Sprint 225

Today, interceptors can be configured directly in the EventListener definition, which allows teams to have their own custom interceptors configured and managed in their namespace without needing any specific permissions (only admin permissions in the namespace).
With TEP-0026: Pluggable Interceptors this will go away (as per "Any current Interceptor configuration is still usable (until beta) in the new model without requiring any manual changes on part of the end user. As part of beta, we can deprecate the old syntax.") and teams will therefore require elevated privileges to create/register their custom interceptors.
In OpenShift Container Platform 4 clusters hosting multiple tenants, this will cause massive disruptions: specific tenants will have difficulty registering/creating custom interceptors depending on the permissions given, or else the interceptors will be shared with different tenants, which is also not acceptable.
It is therefore requested to either reconsider the deprecation of the current functionality, where interceptors can be configured directly in the EventListener, or else provide an approach with the new implementation that allows it to be used at tenant level, where the resources are completely isolated at namespace level.
The key goal should be that a namespace admin can create and manage their custom interceptors without requiring elevated permissions, and that the resources are restricted and thus not visible to other tenants and therefore namespaces.
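
The permission boundary described above, shown as an added configuration sketch that is not part of the original request or of the Tekton project's own manifests. The names `team-a`, `team-a-listener`, `team-a-validator`, `team-a-triggers-sa`, `team-a-binding` and `team-a-template` are hypothetical.

```yaml
# Constructed example; every name below is a hypothetical tenant resource.

# 1) Current model: the interceptor is declared inline in the EventListener.
#    The listener and the validating Service are both namespaced objects in
#    team-a, so namespace admin rights are enough to create and manage them.
apiVersion: triggers.tekton.dev/v1alpha1
kind: EventListener
metadata:
  name: team-a-listener
  namespace: team-a
spec:
  serviceAccountName: team-a-triggers-sa
  triggers:
    - name: validate-and-run
      interceptors:
        - webhook:
            objectRef:
              kind: Service
              apiVersion: v1
              name: team-a-validator
              namespace: team-a
      bindings:
        - ref: team-a-binding
      template:
        ref: team-a-template
---
# 2) Pluggable model (TEP-0026): the interceptor is registered as a
#    ClusterInterceptor. The object is cluster-scoped (no metadata.namespace),
#    so creating it needs a cluster-level RBAC grant that a namespace admin
#    does not hold, and once registered it is not confined to one namespace.
apiVersion: triggers.tekton.dev/v1alpha1
kind: ClusterInterceptor
metadata:
  name: team-a-validator
spec:
  clientConfig:
    service:
      name: team-a-validator
      namespace: team-a
      path: "/"
# A trigger then refers to it by name instead of embedding the Service:
#   interceptors:
#     - ref:
#         name: team-a-validator
#         kind: ClusterInterceptor
```

A tenant can check the gap with `oc auth can-i create clusterinterceptors.triggers.tekton.dev`, which is expected to return `no` for a user holding only namespace admin rights.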
- clones
- RFE-3303 TEP-0026: Pluggable Interceptors - Multi-tenant implementation
- Accepted