Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make RBAC usage optional #3670

Open
c0d1ngm0nk3y opened this issue Dec 19, 2024 · 0 comments
Open

Make RBAC usage optional #3670

c0d1ngm0nk3y opened this issue Dec 19, 2024 · 0 comments
Labels
epic

Comments

@c0d1ngm0nk3y
Copy link
Contributor

Description

Korifi levereges RBAC to implement authorization (e. what apps are visible to a certain user). Since Korifi is currently interacting directly with RoleBinding this is currently fix.

If would be great to give the option to install Korifi without the use of RBAC. The authorization would not work out of the box, but has to be provided differently, similar to extenting Korifi via AppWorkload or BuildWorkload.

This has at least 2 aspects:

  • Instead of creating RoleBinding directly in the api, Korifi could create a CFRole object. Another (optional) controller would then watch those CFRole objects and creates the RoleBinding needed.

  • For accessing any cf objects (e. apps, processes, ...), this could be done by having a different sets of repositories (e.g. app_repository -> rbac/app_repository and noauth/app_reposiory).

This would improve the extensibility and wouldn't change any of the default behaviour.

Thoughts?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
epic
Projects
Korifi - Roadmap
Status: Draft
Milestone
No milestone
Development

No branches or pull requests
1 participant
@c0d1ngm0nk3y