Skip to content

[RHIDP-8584]: Document Extensions RBAC permissions for CSV file#2139

Merged
themr0c merged 9 commits into
redhat-developer:mainfrom
themr0c:RHIDP-8584-extensions-rbac-csv
May 11, 2026
Merged

[RHIDP-8584]: Document Extensions RBAC permissions for CSV file#2139
themr0c merged 9 commits into
redhat-developer:mainfrom
themr0c:RHIDP-8584-extensions-rbac-csv

Conversation

@themr0c
Copy link
Copy Markdown
Member

@themr0c themr0c commented Apr 30, 2026

IMPORTANT: Do Not Merge - To be merged by Docs Team Only

Version(s): 1.9+
Issue: https://redhat.atlassian.net/browse/RHIDP-8584
Preview: N/A (pending CI build)

Summary

  • Add Extensions permissions reference table (ref-extensions-permissions.adoc) to the permission policies reference, documenting extensions.plugin.configuration.read and extensions.plugin.configuration.write
  • Add CSV procedure (proc-configure-rbac-for-extensions-by-using-the-rbac-csv-file.adoc) to the external files assembly, with HAS_NAME and HAS_ANNOTATION conditional policy examples
  • Add Extensions conditional policy example to ref-conditional-policy-plugin-examples.adoc
  • Update existing Web UI RBAC procedure (proc-configure-rbac-to-manage-extensions.adoc) with cross-references to the CSV procedure and permission reference

Permission names (from source)

Permission name Resource type Action Description
extensions.plugin.configuration.read extensions-plugin read View plugin configurations
extensions.plugin.configuration.write extensions-plugin create Install, update, enable, or disable plugins

Source: rhdh-plugins/workspaces/extensions/plugins/extensions-common/src/permissions.ts

@themr0c @claude
[RHIDP-8584]: Document Extensions RBAC permissions for CSV file
bb645ab 
Add Extensions permissions reference table and CSV procedure to the
authorization title, with HAS_NAME and HAS_ANNOTATION conditional
policy examples. Cross-reference from existing Web UI procedure.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@themr0c themr0c requested a review from PatAKnight April 30, 2026 08:32
@rhdh-bot
Copy link
Copy Markdown
Collaborator

rhdh-bot commented Apr 30, 2026
edited
Loading

PR Build Results

Build passed -- 34/34 titles | 68s
Preview: https://redhat-developer.github.io/red-hat-developers-documentation-rhdh/pr-2139/

Content Quality Assessment

CQA Report

  • CQA-00a: Orphaned modules
  • CQA-00b: Directory structure
  • CQA-01: Vale AsciiDoc DITA compliance
  • CQA-02: Verify assembly structure
  • CQA-03: Verify content type metadata
  • CQA-04: Verify module templates
  • CQA-05: Verify required modular elements
  • CQA-06: Verify assemblies follow official template (one user story)
  • CQA-07: Verify TOC depth (max 3 levels)
  • CQA-08: Verify short description content quality
  • CQA-09: Verify short description format
  • CQA-10: Verify titles are brief, complete, and descriptive
  • CQA-11: Verify procedure prerequisites
  • CQA-12: Verify grammar and style (Vale)
  • CQA-13: Verify content matches declared type
  • CQA-14: Verify no broken links
  • CQA-15: Check redirects
  • CQA-16: Verify official product names
  • CQA-17: Verify legal disclaimers for preview features

Summary

Checks: 19 total, 19 pass, 0 fail

19 checks: 19 pass, 0 fail

Run node build/scripts/cqa/index.js --all --fix locally to review and auto-fix issues.

Updated 2026-05-11 08:05:14 UTC

@themr0c
Copy link
Copy Markdown
Member Author

themr0c commented Apr 30, 2026

/cherry-pick release-1.9

@openshift-cherrypick-robot
Copy link
Copy Markdown
Contributor

openshift-cherrypick-robot commented Apr 30, 2026

@themr0c: once the present PR merges, I will cherry-pick it on top of release-1.9 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@rh-tokeefe
Copy link
Copy Markdown
Member

rh-tokeefe commented Apr 30, 2026

@themr0c LGTM, but needs a rebase.

PatAKnight
PatAKnight reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@PatAKnight PatAKnight left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did a cursory glance as I am not too familiar with the extension's permissions. Tagging @dzemanov to see if she can also take a look as well. But did notice a couple of things worth calling out.

Comment thread modules/shared/ref-extensions-permissions.adoc
Comment thread modules/shared/proc-configure-rbac-for-extensions-by-using-the-rbac-csv-file.adoc
dzemanov
dzemanov suggested changes Apr 30, 2026
View reviewed changes
Comment thread modules/shared/proc-configure-rbac-for-extensions-by-using-the-rbac-csv-file.adoc
@themr0c @PatAKnight
Apply suggestion from @PatAKnight
50ee605 
Co-authored-by: Patrick Knight <pknight@redhat.com>
@themr0c themr0c added Technical review done ⛅ Any procedure has been succesfully tested Ready to merge 💂 and removed Technical review needed 🔩 Test all the procedures labels May 11, 2026
@themr0c
Copy link
Copy Markdown
Member Author

themr0c commented May 11, 2026

/cherry-pick release-1.9

@openshift-cherrypick-robot
Copy link
Copy Markdown
Contributor

openshift-cherrypick-robot commented May 11, 2026

@themr0c: once the present PR merges, I will cherry-pick it on top of release-1.9 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

dzemanov
dzemanov suggested changes May 11, 2026
View reviewed changes
Comment thread modules/shared/proc-configure-rbac-for-extensions-by-using-the-rbac-csv-file.adoc Outdated
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 11, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dzemanov
dzemanov approved these changes May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@dzemanov dzemanov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you!

@themr0c themr0c merged commit da1cebb into redhat-developer:main May 11, 2026
6 checks passed
@themr0c themr0c deleted the RHIDP-8584-extensions-rbac-csv branch May 11, 2026 08:07
@openshift-cherrypick-robot
Copy link
Copy Markdown
Contributor

openshift-cherrypick-robot commented May 11, 2026

@themr0c: new pull request created: #2181

Details

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request May 11, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rh-tokeefe rh-tokeefe rh-tokeefe approved these changes

+2 more reviewers

@PatAKnight PatAKnight PatAKnight left review comments

@dzemanov dzemanov dzemanov approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Peer review needed 📖 Ready to merge 💂 Technical review done ⛅ Any procedure has been succesfully tested

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@themr0c @rhdh-bot @openshift-cherrypick-robot @rh-tokeefe @dzemanov @PatAKnight