You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe
I like the idea of applications which is the start of application-centric approach. I succeed to login kobs with authentication enabled via keycloak provider. However, it seems that the logged in user can view/access all the applications filtered by cluster and namespace but not by the team which the user belongs to.
teamCluster, teamNamespace and teamName in the following code snippet are always nil. If I'm not mistaken, they could be used to filter the applications.
I like the idea of restricting the applications which can be viewed by a user based on his permissions. I will have a look it this in the following days, how we can implement this.
Currently I see two options for the implementation (my preferred one would be the second one):
We can add a new global setting to restrict access to applications.
We can add it to the permissions section of the User / Team CR, so that we can still add exceptions for some users like cluster admins.
Notes regarding option 2
In the following example all users which are part of team1 would have access to all applications and all users which are part of team2 can only access the applications which have their teams added.
Another options would be to restrict the access to applications in the User / Team CR based on the cluster/namespace, but somehow this doesn't feel right for me and seems like we would not take advantage of the existing connection.
Is your feature request related to a problem? Please describe
I like the idea of applications which is the start of application-centric approach. I succeed to login kobs with authentication enabled via keycloak provider. However, it seems that the logged in user can view/access all the applications filtered by cluster and namespace but not by the team which the user belongs to.
A team defined in the application cr.
teamCluster, teamNamespace and teamName in the following code snippet are always nil. If I'm not mistaken, they could be used to filter the applications.
Describe the solution you'd like
The logged in user can only view/access the applications owned by his/her team.
The text was updated successfully, but these errors were encountered: