Project

General

Profile

Actions

User story #23796

open

RBAC for nodes via tenants (view only)

Added by François ARMAND 3 months ago. Updated 2 days ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Security
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

Now that we have set-up the fundations for being able to RBAC on node (view only for now) in #23727, we need to actually do it.

The main ideas are:

- nodes can belong to a tenants (they can have a "tenant" attribute with an alpha-num identier)
- user can be associated to none, a list of, or all tenants access
- rudder filter out nodes accordingly to these two parameters, so that an user associated to tenant "zoneA" can only view nodes with the attribte "tenant=zoneA"

The feature will be enabled in a plugin, but some changes need to happen in rudder core too.
This isse is a main entry point and will redirect toward all sub-stories.


Subtasks 8 (6 open2 closed)

Architecture #23797: Backend evolution for node RBAC: add tenants domain conceptPending releaseVincent MEMBRÉActions
Architecture #23857: Impact of API change for tenants on pluginsReleasedVincent MEMBRÉActions
Rudder plugins - Architecture #23859: Impact of API change for tenants on private plugins ReleasedVincent MEMBRÉActions
Architecture #23856: Impact of RBAC node filtering on compliancePending releaseVincent MEMBRÉActions
Architecture #23927: Migrate away from NodeInfoServicePending technical reviewVincent MEMBRÉActions
User story #24140: Have a source of known-tenants in rudder-corePending releaseVincent MEMBRÉActions
User story #24292: The source of tenant and plugin status must be use to check node updatePending technical reviewVincent MEMBRÉActions
User story #24299: Inventory test data must have valid certificatePending technical reviewVincent MEMBRÉActions

Related issues 1 (1 open0 closed)

Related to Rudder - Architecture #23727: Group all node related access into one NodeFactRepositoryPending releaseVincent MEMBRÉActions
Actions #1

Updated by François ARMAND 3 months ago

  • Related to Architecture #23727: Group all node related access into one NodeFactRepository added
Actions #2

Updated by François ARMAND 3 months ago

  • Subtask #23797 added
Actions #3

Updated by François ARMAND 3 months ago

  • Subtask #23856 added
Actions #4

Updated by François ARMAND 3 months ago

  • Subtask #23927 added
Actions #5

Updated by Vincent MEMBRÉ about 2 months ago

  • Target version changed from 8.1.0~alpha1 to 8.1.0~alpha2
Actions #6

Updated by François ARMAND 27 days ago

  • Subtask #24140 added
Actions #8

Updated by François ARMAND 2 days ago

  • Subtask #24299 added
Actions

Also available in: Atom PDF