Task: Create simple GraphQL ServiceProvider #266
Description
Understand the Task
Description
We need to create a special ServiceProvider which handles the RBAC Configuration for the UI GraphQL Backend.
It needs to create ClusterAccess Resources for the GraphQL Backend as well as AccessRequest for the MCPs so it gets ServiceAccounts for the GraphQL Backend to access the CRDs on the MCP Clusters.
Any further valuable resources.
The GraphQL Backend has a CRD which is called ClusterAccess. It tells the GraphQL Backend which Clusters it can access.
To allow the GraphQL Backend to automatically connect to MCPs, we need to create the ClusterAccess Resources with an access token.
Our MCP V2 Architecture has the AccessRequest CR which can give Services access to clusters. We could use the AccessRequest CR to get an ServiceAccount Token which has access to CRDs in the MCP clusters.
The ServiceProvider which will be created in this task should provide another Resource where a user can activate the UI. After doing that, the ServiceProvider should create an AccessRequest and the ClusterAccess Resource so the Gateway can access the MCP and look at the CRDs of the MCP.
Solution
This ServiceProvider should create an additional Resource in the onboarding cluster. It should be called UI or UIAccess. If the user creates this resource, it enables the Gateway for the respective MCP.
The ServiceProvider should then create the AccessRequest needed for the ClusterAccess of the Gateway.
What is required to accept the Task as done.
Done Criteria
- UI GQL PlatformService is created
- PlatformService is tested
- Internal technical Documentation created/updated
- New / changed code is documented
- Unit Tests created for new code or existing Unit Tests updated
- Integration Test Suite updated
- Enduser Documentation updated (if applicable)
- Successful demonstration in Review
Out of Scope / Follow Up
The UI should be its own PlatformService. This would then deploy the ServiceProvider and the UI itself as well as the Gateway.