flyte icon indicating copy to clipboard operation
flyte copied to clipboard
verified publisher icon flyteorg

[RFC] Flyte Admin RBAC + Project/Domain Isolation

Open Sovietaced opened this issue 1 year ago • 12 comments

Tracking issue

Related to https://github.com/flyteorg/flyte/issues/5189 Related to https://github.com/flyteorg/flyte/issues/4622

Sovietaced avatar Oct 20 '24 00:10 Sovietaced

Codecov Report

:white_check_mark: All modified and coverable lines are covered by tests. :white_check_mark: Project coverage is 36.71%. Comparing base (bdaf79f) to head (ef505e2). :warning: Report is 325 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #5871   +/-   ##
=======================================
  Coverage   36.71%   36.71%           
=======================================
  Files        1304     1304           
  Lines      130081   130081           
=======================================
  Hits        47764    47764           
  Misses      78147    78147           
  Partials     4170     4170
Flag Coverage Δ
unittests-datacatalog 51.58% <ø> (ø)
unittests-flyteadmin 54.41% <ø> (ø)
unittests-flytecopilot 11.73% <ø> (ø)
unittests-flytectl 62.40% <ø> (ø)
unittests-flyteidl 6.89% <ø> (ø)
unittests-flyteplugins 53.62% <ø> (ø)
unittests-flytepropeller 42.84% <ø> (ø)
unittests-flytestdlib 54.78% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

:rocket: New features to boost your workflow:
  • :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

codecov[bot] avatar Oct 20 '24 00:10 codecov[bot]

cc: @robert-ulbrich-mercedes-benz

eapolinario avatar Oct 21 '24 22:10 eapolinario

2024-11-7 Contributor's sync notes: Jason introduced the proposal and expects to work on the implementation as a feature gate. Community feedback is important to learn how the community is using providers other than Okta to handle authz and groups.

davidmirror-ops avatar Nov 07 '24 22:11 davidmirror-ops

What's the current status of the proposal?

chicco785 avatar Jan 06 '25 22:01 chicco785

What's the current status of the proposal?

I am working through an initial pull request to add this functionality.

Sovietaced avatar Jan 06 '25 23:01 Sovietaced

What's the current status of the proposal?

I am working through an initial pull request to add this functionality.

That's cool and I am happy to have a look! What about the TSC evaluation phases? I have seen other posts where RBAC was dismissed...

chicco785 avatar Jan 06 '25 23:01 chicco785

That's cool and I am happy to have a look! What about the TSC evaluation phases? I have seen other posts where RBAC was dismissed...

I'm not familiar with the TSC evaluation phase but everyone is eager for this to get over the line.

Sovietaced avatar Feb 14 '25 06:02 Sovietaced

I have completed an initial implementation. Please take a look: https://github.com/flyteorg/flyte/pull/6190

Sovietaced avatar Feb 27 '25 21:02 Sovietaced

While the PR awaits review a few folks have checked it out in their forks and have got it working so feel free to try it out and provide feedback on the ux.

Sovietaced avatar Mar 26 '25 00:03 Sovietaced

Acceptance of this proposal is contingent on the consolidation of SIG-RBAC with the scope proposed here

davidmirror-ops avatar May 08 '25 16:05 davidmirror-ops

Hi, I was wondering what's missing to get forward and merge the PR? We absolutely would love this feature, which is required for us to adopt flyte.

testinfected avatar Nov 18 '25 22:11 testinfected

Hi, I was wondering what's missing to get forward and merge the PR? We absolutely would love this feature, which is required for us to adopt flyte.

@davidmirror-ops ?

testinfected avatar Nov 18 '25 22:11 testinfected