Support for updating client permissions for self-service application deployments #1189
Comments
devdattakulkarni
changed the title
|
We could create consumer-kubeconfig.py, which performs actions similar to provider-kubeconfig.py. Another option is to change the name of provider-kubeconfig.py to more generic name and include the consumer kubeconfig generation/permission update functionality in it. An example would be - kubeconfighandler.py. We will also have to take in additional flag indicating who is the target persona for whom the action is being taken (provider or the consumer). We could label this flag as "-w" (standing of "who"). It can take two values - "provider" or "consumer". |
devdattakulkarni
changed the title
|
Note that currently the kubeplus-saas-consumer ServiceAccount is being created in the KubePlus Deployment Helm chart. We will have to change that to create this service account in the new utility that we will add. This will be similar to the change that we have made for kubeplus-saas-provider ServiceAccount. |
devdattakulkarni
changed the title
devdattakulkarni
changed the title
Consumers can create application instances in a self-service manner using consumer specific kubeconfig that KubePlus creates. It is possible that the application Helm chart defines resources on whom the consumer kubeconfig does not have required permissions (CRUD, for example). We should add a plugin to grant/update permissions for the consumer kubeconfig. This functionality will be similar to the functionality that we currently have for adding/updating permissions for Provider.
As part of this functionality, we also need an easy way to extract consumer kubeconfig.
The text was updated successfully, but these errors were encountered: