Hide Forgot
In OSE 3.2, the method by which an administrator can manage and update the bootstrap policy for users and systems has been made easier. There is no current documentation around this feature and the process by which the cluster admin can create and manage these policies needs to be documented. This new feature allows working with role definitions and bindings to ensure an easy experience for the tenant while working with policies. Suggested outline: -- What is the problem that we are trying to solve by having bootstrap policies -- How can admins achieve it without this feature -- How can admins achieve it with this feature Dev for this feature is: David Eads Trello card is: https://trello.com/c/kLVprEpA/470-3-make-bootstrap-policy-updates-easy QA for the feature is: Xiaochuan Wang Likely Guide is: As a new topic in the Cluster Admin Guide: https://docs.openshift.com/enterprise/3.1/admin_guide/index.html
Current documentation (copied from trello card): - https://docs.openshift.org/latest/install_config/upgrades.html#updating-policy-definitions - https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html - https://docs.openshift.org/latest/admin_guide/manage_scc.html
(In reply to Thien-Thi Nguyen from comment #1) > Current documentation (copied from trello card): > > - > https://docs.openshift.org/latest/install_config/upgrades.html#updating- > policy-definitions > - > https://docs.openshift.org/latest/architecture/additional_concepts/ > authorization.html > - https://docs.openshift.org/latest/admin_guide/manage_scc.html Do you feel these satisfy this BZ?
(In reply to Alex Dellapenta from comment #2) > Do you feel these satisfy this BZ? No, they barely mention bootstrap policies.
On second thought, i was fooled by a simple grep on "bootstrap". The above-mentioned pages do indeed touch on the "oadm policy reconcile-*" commands, which is how the functionality is exposed to the user. I think this documentation is sufficient for now.
The "oadm policy reconcile-*" commands were introduced in: - https://docs.openshift.com/enterprise/3.0/whats_new/ose_3_0_release_notes.html#ose-3-0-1-0 and documented in: - https://docs.openshift.com/enterprise/3.0/install_config/upgrades.html#updating-policy-definitions - https://docs.openshift.com/enterprise/3.1/admin_guide/manage_scc.html#updating-the-default-security-context-constraints - https://docs.openshift.com/enterprise/3.1/install_config/upgrading/manual_upgrades.html#updating-policy-definitions - https://docs.openshift.com/enterprise/3.0/architecture/additional_concepts/authorization.html#updating-cluster-roles Xiaochuan, what do you think? (Moving status to ON_QA.)
Thank you for summarize tnguyen, I think the following 4 documents are sufficient, but I was wondering if need to add documents in github repo: openshift/openshift-docs
(In reply to XiaochuanWang from comment #6) Thanks for the quick response. > following 4 documents are sufficient, but I was wondering if > need to add documents in github repo: openshift/openshift-docs Luckily, there is no need, since the documents linked (in comment #5) are already in the repo. Moving status to CLOSED CURRENTRELEASE.