Sprint 2 Demo
Ahmed Gamal edited this page Aug 30, 2023
·
17 revisions
We would like to implement a project in which OPA policies can be easily configured in real time through a user-friendly GUI. Our project focuses on two types of policies: RBAC (Role-Based Access Control) and ABAC (Attribute-Based Access Control).
RBAC mainly includes:
- Roles
- Resources
- Permissions
ABAC mainly includes:
- Roles
- Resources
- Attributes for roles and resources
- Permissions
Objective | Objective in Detail | Capacity Percentage | Risks | Dependencies |
---|---|---|---|---|
UI design for the frontend | Before working on the frontend, we need to have a design ready with the shared components defined. | | Getting familiar with Figma may take longer than expected and hinder the progress of actual development | Knowledge of Figma and UI/UX |
Visualization for the current resources, roles, permissions | This objective requires us to visualize the roles, the scopes, and the permissions available in the system. This requires us to settle on a design to show them to the user. | | Data Representation: Designing an effective and understandable way to represent complex policy, role, and permission relationships visually | UI design |
Real Time changes for the policies, roles, permissions | This objective requires a frontend to allow editing for select types of users. The change these users want should be reflected in realtime to the policy engine. This also requires running automated tests whenever policy is changed. | | Third-Party Dependencies; Rollback Strategy; Automated Test Failures; Data Conflicts | Visualization of roles, policies, and permissions |
Team Capacity: 2 individuals * 6 hours * 7 days = 84 hours
Sprint Capacity = 87/84 = 1.03
Frontend:
- UI Design on Figma. Check it out here
- Role Addition POC
Backend:
- Discovery and Integration with OPAL
- Realtime permission changes
- Had to learn Figma and Vue as part of this sprint, which took considerable time
- Understanding open source code and integration into our design
- Previous sprint's capacity did not have a buffer for unexpected challenges, which led us to bite off more than we can chew
Objective | Objective in Detail | Risks | Dependencies |
---|---|---|---|
Edit Roles | We still need to be able to edit the set roles from the GUI | | |
Display resources and permissions | Similar to what has been done for the roles, we need to display the resources and permissions in a user-friendly manner | | |
Edit resources and permissions | We also need to edit the set resources and permissions from the GUI | | |
Automated testing | We still need to automatically run tests before editing permissions | | |
MVP deployment | After recognizing the challenges of our project, we believe deploying the RBAC MVP is important before starting to work on ABAC | | |
SSO | We will need to implement SSO, preferably using a Microsoft account, taking into account the frontend and backend | | |
Integrated IDE | Implement an IDE to edit code from the GUI | | |
Find the tasks here
Estimated total time for tasks = 53.5, Team capacity = 2 individuals * 5 hours * 8 days = 80
Capacity percentage = 53.5/80 = 66.875%
- Front: 41.521/40 = 1.04
- Back: 18/40 = 45%
Capacity percentage = 46.2/80 = 57.75%
Front: 28.2/40 = 70.5%
- Make sure that the Node server is compatible with (Bitbucket, GitLab)
- POC test with Dstny OPA
- Dockerize services
- SSO is low priority for now
- Main sprint goal =>
  - RBAC Completed (Mandatory)
  - POC with Dstny OPA (Mandatory)
  - Automated Tests (Mandatory)
  - Deployment (Mandatory)
  - Integrated IDE (Optional)
Objective | Objective in Detail | Risks | Dependencies |
---|---|---|---|
Implementing ABAC permissions | If implementation and deployment of RBAC permissions go as planned, we would like to continue the project by implementing ABAC permissions as well | | |
Bug exploration and solving | | | |