Non-SaaS users can rapidly validate their processes during development.
User Problem
Play is run on Camunda's SaaS environment in an unsecured URL. This doesn't meet enterprise customer requirements, especially for self-managed users with higher demands or C7 community users who are interested in trying C8
User Stories
Connection
[x] (M) [Docker] As a solo developer, I want to connect to the provided Zeebe cluster so I can use Play
[x] (M) [Helm] As an enterprise admin, I want to define a development cluster so my team can use Play without configuring it each session
Out of Scope
~(W) [Desktop] When using Desktop Modeler, I want to play my process so I can see how it would execute~
~(W) [Mixed Mode] When using Web Modeler self managed locally, I want to deploy to a shared cluster in the private cloud so I can do whatever I want~
Cluster Selection
~(S) [Dev Tag] As an enterprise admin, I want to provide a dev tag so I can filter by the appropriate clusters~
[ ] (S) [Docs] As an enterprise admin, I want advice on how to configure a cluster for Play so I can get the best experience
Authentication
[x] (M) [Authenticate] As a developer, I want to authenticate my deployment so I can use a secured dev cluster
[x] (M) [Persisted Creds] As a developer, I want my cluster credentials to be persisted so I don't have to authenticate my deployment every time
~(C) [Shared Creds] As an admin, I want to save cluster credentials so any user can Play their process on a shared dev cluster without having the M2M token~
Risk Mitigation
[x] (S) [Restrict] As an admin, I want to restrict who can use Play so I can avoid unintended actions on my development cluster [NOTE: can be a no-op if users must enter the M2M token or deploy permissions don't change]
~S) [Tenancy] As an admin, I want to connect Play to a tenant within a cluster so I can isolate its usage from API-based dev usage~
~(C) [Team Isolation] As an admin, I want to connect a team's use of Play to a tenant within a cluster so I can isolate teams from each other~
User Experience
[x] (M) [Auto-Deploy] When I deploy my process to Play, I want all dependencies deployed as well so I can quickly iterate on my process [NOTE: no change from the current behavior]
[x] (M) [Data] When I play my process, I want to retrieve information from the Camunda cluster so I have active information [NOTE: no change from the current behavior]
Implementation Notes
Minimal Experience:
Setup: Play is available by default on Web Modeler Self Managed. The setup journey is the same as SaaS, with the user selecting any cluster (tags might not be supported) when creating a process application.
When opening Play for the first time, the user selects a cluster (if not already provided) and provides an M2M token (if authentication is not handled by Identity+Web Modeler)
When switching back to Play, the user should not have to select a cluster and M2M token
The cluster can be provided by the Web Modeler in a process application
If the token is persisted locally, there is no new security risk and authorized developers can use Play
If the token is persisted in the process app config, the risk changes from having to share M2M tokens broadly to allowing anyone in the project to use the dev cluster regardless of their role. For dev clusters it should be an acceptable risk, but this has not been discovered
Value Proposition Statement
Non-SaaS users can rapidly validate their processes during development.
User Problem
Play is run on Camunda's SaaS environment in an unsecured URL. This doesn't meet enterprise customer requirements, especially for self-managed users with higher demands or C7 community users who are interested in trying C8
User Stories
Connection
Cluster Selection
Authentication
Risk Mitigation
User Experience
Implementation Notes
:robot: This issue is automatically synced from: source