Move the FGA subroutine functionality from the Account Operator to the Security Operator #46

@nexus49

Description

  • Today the initializer reconciles only workspaces that originate from accounts of type org.
  • The account operator manages the initial FGA tuples for the owner as well as the account
  • The account operator also finalizes the account and removes given tuples from FGA

Target
The goal of this ticket is that the account operator has no FGA dependency when it comes to the initializing phase. Finalization will be covered in another ticket.

  • Remove the processing logic of the FGA subroutine in the account operator
  • Extend the initializer to also write the account and owner tuples when initializing a workspace
  • Add a check in the initializer to be able to process accounts of type account and of type organization (e.g. create FGA stores only for organizations)
  • Adjust the deployed workspacetypes so that the initializer is also called for account workspacetypes (this requires a change in the platform-mesh-operator)
