Project

General

Profile

Actions

User story #23796

open

RBAC for nodes via tenants (view only)

Added by François ARMAND 8 months ago. Updated 11 days ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Security
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

Now that we have set-up the fundations for being able to RBAC on node (view only for now) in #23727, we need to actually do it.

The main ideas are:

- nodes can belong to a tenants (they can have a "tenant" attribute with an alpha-num identier)
- user can be associated to none, a list of, or all tenants access
- rudder filter out nodes accordingly to these two parameters, so that an user associated to tenant "zoneA" can only view nodes with the attribte "tenant=zoneA"

The feature will be enabled in a plugin, but some changes need to happen in rudder core too.
This isse is a main entry point and will redirect toward all sub-stories.


Subtasks 9 (1 open8 closed)

Architecture #23797: Backend evolution for node RBAC: add tenants domain conceptReleasedVincent MEMBRÉActions
Architecture #23857: Impact of API change for tenants on pluginsReleasedVincent MEMBRÉActions
Rudder plugins - Architecture #23859: Impact of API change for tenants on private plugins ReleasedVincent MEMBRÉActions
Architecture #23856: Impact of RBAC node filtering on complianceReleasedVincent MEMBRÉActions
Architecture #23927: Migrate away from NodeInfoServicePending technical reviewVincent MEMBRÉActions
User story #24140: Have a source of known-tenants in rudder-coreReleasedVincent MEMBRÉActions
User story #24292: The source of tenant and plugin status must be use to check node updateReleasedVincent MEMBRÉActions
API authorizations - Bug #24450: Update API ACL pluginReleasedVincent MEMBRÉActions
User story #24299: Inventory test data must have valid certificateReleasedVincent MEMBRÉActions

Related issues 1 (0 open1 closed)

Related to Rudder - Architecture #23727: Group all node related access into one NodeFactRepositoryReleasedVincent MEMBRÉActions
Actions #1

Updated by François ARMAND 8 months ago

  • Related to Architecture #23727: Group all node related access into one NodeFactRepository added
Actions #2

Updated by François ARMAND 8 months ago

  • Subtask #23797 added
Actions #3

Updated by François ARMAND 7 months ago

  • Subtask #23856 added
Actions #4

Updated by François ARMAND 7 months ago

  • Subtask #23927 added
Actions #5

Updated by Vincent MEMBRÉ 6 months ago

  • Target version changed from 8.1.0~alpha1 to 8.1.0~beta1
Actions #6

Updated by François ARMAND 5 months ago

  • Subtask #24140 added
Actions #8

Updated by François ARMAND 4 months ago

  • Subtask #24299 added
Actions #9

Updated by Vincent MEMBRÉ 4 months ago

  • Target version changed from 8.1.0~beta1 to 8.1.0~beta2
Actions #10

Updated by Vincent MEMBRÉ 4 months ago

  • Target version changed from 8.1.0~beta2 to 8.1.0~rc1
Actions #11

Updated by Vincent MEMBRÉ 3 months ago

  • Target version changed from 8.1.0~rc1 to 8.1.0
Actions #12

Updated by Vincent MEMBRÉ 3 months ago

  • Target version changed from 8.1.0 to 8.1.1
Actions #13

Updated by Vincent MEMBRÉ 3 months ago

  • Target version changed from 8.1.1 to 8.1.2
Actions #14

Updated by Vincent MEMBRÉ 2 months ago

  • Target version changed from 8.1.2 to 8.1.3
Actions #15

Updated by Vincent MEMBRÉ about 1 month ago

  • Target version changed from 8.1.3 to 8.1.4
Actions #16

Updated by Vincent MEMBRÉ 23 days ago

  • Target version changed from 8.1.4 to 8.1.5
Actions #17

Updated by Vincent MEMBRÉ 11 days ago

  • Target version changed from 8.1.5 to 8.1.6
Actions

Also available in: Atom PDF