Uploaded image for project: 'Subscription Watch'
  1. Subscription Watch
  2. SWATCH-3829

Phase 0: Enable SWATCH Workspace Resolution

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • None
    • None
    • swatch-workspace-resolution-phase0
    • False
    • Hide

      None

      Show
      None
    • False
    • To Do
    • CRCPLAN-307 - Management Fabric | Self-Service Onboarding Support/Validation (Subscription Management)
    • 100% To Do, 0% In Progress, 0% Done

      Objective

      Build foundational workspace resolution capability in SWATCH services to enable workspace-based data filtering while maintaining safe fallback to org_id during transition.

      Background

      Red Hat is migrating from RBACv1 (org-based) to RBACv2 (workspace-based) authorization. This epic represents Phase 0 of SWATCH's transition - adding the capability to resolve and use workspace IDs without breaking existing functionality.

      Must Have (Phase 0 Implementation)

      • RBACv2 Integration: API client generation and WorkspaceResolutionService
      • Feature Flag Control: Unleash flag (rbac-v2-workspace-mapping) to enable/disable workspace resolution
      • Database Schema: Add workspace_id columns to key tables (hosts, tally snapshots, etc.)
      • Dual Filtering: Query capability supporting workspace_id with org_id fallback
      • Safety Mechanisms: Graceful fallback to org_id on workspace resolution failure
      • Authentication: Workspace resolution filters and auth integration
      • Observability: Basic logging, error handling, and success/failure metrics
      • Documentation: Component documentation for workspace resolution

      Acceptance Criteria

      • SWATCH services successfully resolve workspace IDs from org IDs via RBACv2 API
      • Feature flag completely controls workspace vs org_id filtering behavior
      • All new data includes both org_id and workspace_id associations
      • Zero impact to existing functionality when feature flag is disabled
      • Safe fallback mechanisms prevent any data access failures
      • Dual filtering works correctly - can query by workspace_id OR fall back to org_id

      Won't Have (Phase 0 - Future Phases)

      • Data migration/backfill for existing records → SWATCH-3892 (Phase 1)
      • Performance optimization through caching → SWATCH-3892 (Phase 1)
      • Removing org_id fallback logic → SWATCH-3893 (Phase 2)
      • Dropping org_id columns entirely → SWATCH-3893 (Phase 2)
      • Advanced caching strategies → SWATCH-3892 (Phase 1)
      • Complex retry/circuit breaker patterns → SWATCH-3892 (Phase 1)

      Follow-up Epics

      • SWATCH-3892: Phase 1: SWATCH Workspace Data Backfill & Migration - Migrate existing data and add performance optimizations
      • SWATCH-3893: Phase 2: Complete RBACv1 Deprecation - Remove org_id dependencies entirely

      Key Architecture Decision

      This "crawl" approach prioritizes safety and gradual rollout over performance optimization, allowing the team to gain confidence with workspace resolution before tackling data migration complexity.

      https://docs.google.com/document/d/1-6utv2OGMVe3776qM2AjY9AoJ2qRu2XFvxFQPDodrVs/edit?usp=sharing

              lburnett0 Lindsey Burnett
              lburnett0 Lindsey Burnett
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: