Project

General

Profile

Actions
Copy link

User story #23796

open

RBAC for nodes via tenants (view only)

Added by François ARMAND 5 months ago. Updated 11 days ago.

Status:
New
Priority:
N/A
Assignee:
-
Category:
Security
Target version:
8.1.3
Pull Request:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

Now that we have set-up the fundations for being able to RBAC on node (view only for now) in #23727, we need to actually do it.

The main ideas are:

- nodes can belong to a tenants (they can have a "tenant" attribute with an alpha-num identier)
- user can be associated to none, a list of, or all tenants access
- rudder filter out nodes accordingly to these two parameters, so that an user associated to tenant "zoneA" can only view nodes with the attribte "tenant=zoneA"

The feature will be enabled in a plugin, but some changes need to happen in rudder core too.
This isse is a main entry point and will redirect toward all sub-stories.

Subtasks 9 (1 open8 closed)

Architecture #23797: Backend evolution for node RBAC: add tenants domain conceptReleasedVincent MEMBRÉActions
Architecture #23857: Impact of API change for tenants on pluginsReleasedVincent MEMBRÉActions
Rudder plugins - Architecture #23859: Impact of API change for tenants on private plugins ReleasedVincent MEMBRÉActions
Architecture #23856: Impact of RBAC node filtering on complianceReleasedVincent MEMBRÉActions
Architecture #23927: Migrate away from NodeInfoServicePending technical reviewVincent MEMBRÉActions
User story #24140: Have a source of known-tenants in rudder-coreReleasedVincent MEMBRÉActions
User story #24292: The source of tenant and plugin status must be use to check node updateReleasedVincent MEMBRÉActions
API authorizations - Bug #24450: Update API ACL pluginReleasedVincent MEMBRÉActions
User story #24299: Inventory test data must have valid certificateReleasedVincent MEMBRÉActions

Related issues 1 (0 open1 closed)

Related to Rudder - Architecture #23727: Group all node related access into one NodeFactRepositoryReleasedVincent MEMBRÉActions
Actions
Copy link

Also available in: Atom PDF