In #1 we implemented LDAP group sync. Since we'll move away from LDAP as the authentication provider (to OIDC), we'll need another way to manage the groups.
Implement the feature in this component to manage user groups:
It should be possible to assign a list of usernames to a certain group. For example, all VSHN users can be mapped to the "VSHN openshiftroot" group that way. Additionally, this also allows customers to introduce groups of their own users.
Alternatives
Using LDAP group sync is currently the only option to manage user groups in OpenShift.
Acceptance Criteria
Given a hierarchy, when defining the group memberships at the tenant level (or higher up), then the RBAC groups are created for all clusters that are part of the hierarchy.
Given defined group memberships in a hierarchy, when a specific user is removed/nullified from a group on a more specific level (e.g. cluster), then the specific user is not in the RBAC group.
Given defined group memberships in a hierarchy, when an additional user is added to a group, then the RBAC group includes the given user.
Given defined group memberships in a hierarchy, when the group is removed/nullified in a lower level of the hierarchy, then the RBAC group will not be created.
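The acceptance criteria above can be expressed as a small resolver. This is an added example, not part of the original issue or the component's code. It assumes a hypothetical input shape (one mapping per hierarchy level, ordered from general to specific) and uses `None` as the "removed/nullified" marker; the group and user names are constructed.

```python
from typing import Optional

# Hypothetical input shape (an assumption, not the component's schema):
# one mapping per hierarchy level, ordered general -> specific.
#   {group: {username: True | None} | None}
# None stands for "removed/nullified" at that level.
Level = dict[str, Optional[dict[str, Optional[bool]]]]


def resolve_groups(levels: list[Level]) -> dict[str, list[str]]:
    """Merge group memberships down the hierarchy; the most specific level wins."""
    merged: dict[str, Optional[dict[str, bool]]] = {}
    for level in levels:
        for group, members in level.items():
            if members is None:
                # Group nullified at this level: no RBAC group is created.
                merged[group] = None
                continue
            current = merged.get(group) or {}
            for user, state in members.items():
                if state is None:
                    current.pop(user, None)  # user removed at a more specific level
                else:
                    current[user] = True     # user inherited or added
            merged[group] = current
    return {g: sorted(m) for g, m in merged.items() if m is not None}


def render_groups(levels: list[Level]) -> list[dict]:
    """Render the resolved memberships as OpenShift Group manifests."""
    return [
        {"apiVersion": "user.openshift.io/v1", "kind": "Group",
         "metadata": {"name": name}, "users": users}
        for name, users in sorted(resolve_groups(levels).items())
    ]


# Constructed sample hierarchy: one tenant with two clusters.
TENANT: Level = {"openshiftroot": {"alice": True, "bob": True},
                 "customer-devs": {"carol": True}}
CLUSTER_A: Level = {"openshiftroot": {"bob": None, "dave": True}}
CLUSTER_B: Level = {"customer-devs": None}

if __name__ == "__main__":
    for name, cluster in (("cluster-a", CLUSTER_A), ("cluster-b", CLUSTER_B)):
        print(name, render_groups([TENANT, cluster]))
```

In this sketch a group whose users are all removed is still rendered with an empty `users` list; only an explicitly nullified group is dropped.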