Project

General

Profile

Actions
Copy link

User story #23796

open

RBAC for nodes via tenants (view only)

Added by François ARMAND 5 months ago. Updated 3 days ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Security
Target version:
8.1.2
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

Now that we have set-up the fundations for being able to RBAC on node (view only for now) in #23727, we need to actually do it.

The main ideas are:

- nodes can belong to a tenants (they can have a "tenant" attribute with an alpha-num identier)
- user can be associated to none, a list of, or all tenants access
- rudder filter out nodes accordingly to these two parameters, so that an user associated to tenant "zoneA" can only view nodes with the attribte "tenant=zoneA"

The feature will be enabled in a plugin, but some changes need to happen in rudder core too.
This isse is a main entry point and will redirect toward all sub-stories.

Subtasks 9 (1 open8 closed)

Architecture #23797: Backend evolution for node RBAC: add tenants domain conceptReleasedVincent MEMBRÉActions
Architecture #23857: Impact of API change for tenants on pluginsReleasedVincent MEMBRÉActions
Rudder plugins - Architecture #23859: Impact of API change for tenants on private plugins ReleasedVincent MEMBRÉActions
Architecture #23856: Impact of RBAC node filtering on complianceReleasedVincent MEMBRÉActions
Architecture #23927: Migrate away from NodeInfoServicePending technical reviewVincent MEMBRÉActions
User story #24140: Have a source of known-tenants in rudder-coreReleasedVincent MEMBRÉActions
User story #24292: The source of tenant and plugin status must be use to check node updateReleasedVincent MEMBRÉActions
API authorizations - Bug #24450: Update API ACL pluginReleasedVincent MEMBRÉActions
User story #24299: Inventory test data must have valid certificateReleasedVincent MEMBRÉActions

Related issues 1 (0 open1 closed)

Related to Rudder - Architecture #23727: Group all node related access into one NodeFactRepositoryReleasedVincent MEMBRÉActions
Actions
Copy link
 #1

Updated by François ARMAND 5 months ago

  • Related to Architecture #23727: Group all node related access into one NodeFactRepository added
Actions
Copy link
 #2

Updated by François ARMAND 5 months ago

  • Subtask #23797 added
Actions
Copy link
 #3

Updated by François ARMAND 5 months ago

  • Subtask #23856 added
Actions
Copy link
 #4

Updated by François ARMAND 4 months ago

  • Subtask #23927 added
Actions
Copy link
 #5

Updated by Vincent MEMBRÉ 3 months ago

  • Target version changed from 8.1.0~alpha1 to 8.1.0~beta1
Actions
Copy link
 #6

Updated by François ARMAND 3 months ago

  • Subtask #24140 added
Actions
Copy link
 #8

Updated by François ARMAND about 2 months ago

  • Subtask #24299 added
Actions
Copy link
 #9

Updated by Vincent MEMBRÉ about 2 months ago

  • Target version changed from 8.1.0~beta1 to 8.1.0~beta2
Actions
Copy link
 #10

Updated by Vincent MEMBRÉ about 1 month ago

  • Target version changed from 8.1.0~beta2 to 8.1.0~rc1
Actions
Copy link
 #11

Updated by Vincent MEMBRÉ 22 days ago

  • Target version changed from 8.1.0~rc1 to 8.1.0
Actions
Copy link
 #12

Updated by Vincent MEMBRÉ 16 days ago

  • Target version changed from 8.1.0 to 8.1.1
Actions
Copy link
 #13

Updated by Vincent MEMBRÉ 3 days ago

  • Target version changed from 8.1.1 to 8.1.2
Actions
Copy link

Also available in: Atom PDF