generated from openmcp-project/repository-template
Status: Open
Labels: kind/task (General task that needs to be done.), needs/validation (Verify Issue and Prio with PO)
Understand the Task
Description
This task defines and implements the Kubernetes Role-Based Access Control (RBAC) necessary to govern who can create and manage ManagedControlPlaneTemplate resources and their dynamically generated instances.
- For Platform Administrators: Define ClusterRole and ClusterRoleBinding to allow full management of cluster-scoped ManagedControlPlaneTemplates.
- For Platform Users: Define Role and RoleBinding within specific namespaces to allow creation and management of namespace-scoped ManagedControlPlaneTemplates and their corresponding generated CR instances. This ensures users can only create and manage resources within their designated project namespaces.
Any further valuable resources.
- Kubernetes RBAC Best Practices
- Understanding aggregationRule for ClusterRoles.
What is required to accept the Task as done.
Done Criteria
- YAML manifests for ClusterRole, ClusterRoleBinding, Role, and RoleBinding that accurately define permissions for:
  - Platform Administrators to manage cluster-scoped ManagedControlPlaneTemplates.
  - Platform Users to manage namespace-scoped ManagedControlPlaneTemplates and their generated instances within allowed namespaces.
- Verification that RBAC rules correctly enforce access policies for different personas and scopes.
- Code has been reviewed by other team members
- Internal technical Documentation created/updated
- New / changed code is documented
- Unit Tests created for new code or existing Unit Tests updated
- Integration Test Suite updated
- Enduser Documentation updated (if applicable)
- Successful demonstration in Review
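
The four manifests named in the done criteria could look like this (an added example, not taken from the openmcp-project repository). The API groups, the resource plurals in angle brackets, the object names, the subject groups and the project-a namespace are all placeholders, because the issue does not name them.

```yaml
# Added example: every name, group and namespace below is a placeholder.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mcp-template-admin                     # hypothetical name
rules:
  - apiGroups: ["templates.example.invalid"]   # placeholder API group
    resources: ["<cluster-scoped-template-plural>"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: mcp-template-admin
subjects:
  - kind: Group
    name: platform-admins                      # hypothetical group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mcp-template-admin
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                                     # namespaced: cannot grant cluster-scoped resources
metadata:
  name: mcp-template-user
  namespace: project-a                         # hypothetical project namespace
rules:
  - apiGroups: ["templates.example.invalid"]
    resources: ["<namespaced-template-plural>"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["instances.example.invalid"]   # placeholder group of the generated CRs
    resources: ["*"]                           # list generated kinds explicitly where they are known
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: mcp-template-user
  namespace: project-a
subjects:
  - kind: Group
    name: project-a-users                      # hypothetical group
    apiGroup: rbac.authorization.k8s.io
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: mcp-template-user
```

Because the user grant is a Role bound by a RoleBinding, it takes effect only inside project-a, and the same pair has to be created in each additional project namespace. Each persona and scope can be checked with kubectl auth can-i, using --as and --as-group to impersonate the subject and -n to select the namespace.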