Implement RBAC toggle switch
Description
Activity
Manish Chawla September 23, 2024 at 1:39 PM
Note: The RBAC feature is only enabled if the value for enabled is true in the everest-rbac configmap. If the value is anything other than true, then RBAC is disabled.
Manish Chawla September 23, 2024 at 8:43 AM
Tested with Everest v1.2.0-rc6.
Installed the mysql operator in the a1 namespace.
Default configmap
Log in as admin and create a mysql database.
Result: The admin user can create databases, backups and schedules and do all actions on the database.
Installed the mongodb and pg operators in the a2 namespace.
Add a user and don't enable RBAC.
Log in as dbadmin and create a mongodb database.
Result: The dbadmin user can create databases, backups and schedules and do all actions on the database. It can also change backups/schedules and do actions, and do a restore of the existing mysql database. Created a mysql database from a backup. A restored mysql database can be deleted.
Now add the following RBAC changes for dbadmin but don't enable RBAC:
Prefix change
Refresh the dbadmin session and create a pg database.
Result: The dbadmin user can create databases, backups and schedules and do all actions on the database. It can also change backups/schedules and do actions, and do a restore of the existing mysql database. A restored mysql database can be deleted.
Now change the RBAC setting to enable it.
Result: The dbadmin user can now view databases, backups and schedules in the a2 namespace. It cannot create/change anything for any database in the a2 namespace. It cannot view any database in the a1 namespace.
Check the admin user
Result: The admin user can create database, backup, schedules and do all actions on the databases.
Now change the RBAC setting to disable it.
Refresh the dbadmin session and create a database.
Result: The dbadmin user can create databases, backups and schedules and do all actions on the database. It can also change backups/schedules and do actions, and do a restore of the existing database. A restored pg database can be deleted.
Check the admin user
Result: The admin user can create database, backup, schedules and do all actions on the databases.
Change the admin user to admin1 and do not enable RBAC.
Result: There should be no effect on the admin user as RBAC is disabled. The admin user can create databases, backups and schedules and do all actions on the databases.
Now enable RBAC.
Result: The admin user cannot access any data in Everest (databases, backups, schedules), since the admin user in the configmap has been changed to admin1.
Manish Chawla September 19, 2024 at 2:31 PM
Tested with Everest v1.2.0-rc4.
Installed the mysql operator in the a1 namespace.
Default configmap after installation
Log in as admin and create a mysql database.
Result: The admin user can create databases, backups and schedules and do all actions on the database.
Installed the mongodb and pg operators in the a2 namespace.
Add a user and don't enable RBAC.
Log in as dbadmin and create a mongodb database.
Result: The dbadmin user can create databases, backups and schedules and do all actions on the database. It can also change backups/schedules and do actions, and do a restore of the existing mysql database. A restored mysql database can be deleted.
Now add the following RBAC changes for dbadmin but don't enable RBAC.
Refresh the dbadmin session and create a pg database.
Result: The dbadmin user can create databases, backups and schedules and do all actions on the database. It can also change backups/schedules and do actions, and do a restore of the existing mysql database. A database can be deleted.
Now change the RBAC setting to enable it.
Result: The dbadmin user can now view databases, backups and schedules in the a2 namespace. It cannot create/change anything for any database in the a2 namespace. It cannot view any database in the a1 namespace.
Check the admin user
Result: The admin user can create database, backup, schedules and do all actions on the databases.
Now change the RBAC setting to disable it.
Refresh the dbadmin session and create a database.
Result: The dbadmin user can create databases, backups and schedules and do all actions on the database. It can also change backups/schedules and do actions, and do a restore of the existing database. A database can be deleted.
Check the admin user
Result: The admin user can create database, backup, schedules and do all actions on the databases.
Requirements:
Add the ability to toggle the RBAC feature on/off.
By default, the toggle is off.
The user should be able to configure the toggle from the everest-rbac configmap.
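The toggle semantics set out in this issue (RBAC is on only when the enabled value in the everest-rbac configmap is exactly true; a missing key or any other value leaves it off, which is also the default-off requirement) and the behaviour the test comments above report (everything allowed while the toggle is off; default-deny against the policy while it is on, so that renaming admin to admin1 in the policy locks the admin out) can be sketched as one small enforcement function. The Go code below is an added illustration written for this page, not Everest's own implementation: the policy.csv key, its "subject, namespace, resource, action" line format, the SamplePolicy contents and the Allowed helper are all assumptions made for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// RBACConfig holds the data section of the everest-rbac configmap. Only the
// "enabled" key is taken from the issue; the "policy.csv" key and its
// "subject, namespace, resource, action" line format are assumptions made
// for this example.
type RBACConfig struct {
	Data map[string]string
}

// Enabled implements the toggle as the note in this issue describes it:
// RBAC is on only when data.enabled is exactly the string "true". A missing
// key, an empty value or any other spelling ("True", "yes", "1") leaves it
// off, which matches the default-off requirement.
func (c RBACConfig) Enabled() bool {
	return c.Data["enabled"] == "true"
}

// rule is one line of the assumed policy format; "*" matches any value.
type rule struct {
	subject, namespace, resource, action string
}

// parsePolicy reads the assumed CSV policy. Blank lines and comments are
// skipped, and a malformed line grants nothing rather than everything.
func parsePolicy(csv string) []rule {
	var rules []rule
	for _, line := range strings.Split(csv, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ",")
		if len(f) != 4 {
			continue
		}
		for i := range f {
			f[i] = strings.TrimSpace(f[i])
		}
		rules = append(rules, rule{f[0], f[1], f[2], f[3]})
	}
	return rules
}

func match(pattern, value string) bool {
	return pattern == "*" || pattern == value
}

// Allowed is the single enforcement point. Toggle off: every authenticated
// user may do anything, which is the pre-RBAC behaviour the test comments
// report. Toggle on: default-deny, so a request must match at least one
// rule; a subject absent from the policy (e.g. admin after the policy was
// edited to name admin1 instead) is refused everything.
func Allowed(cfg RBACConfig, subject, namespace, resource, action string) bool {
	if !cfg.Enabled() {
		return true
	}
	for _, r := range parsePolicy(cfg.Data["policy.csv"]) {
		if match(r.subject, subject) && match(r.namespace, namespace) &&
			match(r.resource, resource) && match(r.action, action) {
			return true
		}
	}
	return false
}

// SamplePolicy is a constructed policy mirroring the test scenario above:
// dbadmin is read-only in namespace a2, admin may do everything.
const SamplePolicy = `
# subject, namespace, resource, action
dbadmin, a2, databases, read
dbadmin, a2, backups, read
dbadmin, a2, schedules, read
admin, *, *, *
`

func main() {
	for _, enabled := range []string{"false", "true"} {
		cfg := RBACConfig{Data: map[string]string{"enabled": enabled, "policy.csv": SamplePolicy}}
		fmt.Printf("enabled=%q -> RBAC on: %v\n", enabled, cfg.Enabled())
		fmt.Println("  dbadmin read databases in a2:   ", Allowed(cfg, "dbadmin", "a2", "databases", "read"))
		fmt.Println("  dbadmin create database in a2:  ", Allowed(cfg, "dbadmin", "a2", "databases", "create"))
		fmt.Println("  dbadmin restore database in a1: ", Allowed(cfg, "dbadmin", "a1", "databases", "restore"))
		fmt.Println("  admin create database in a1:    ", Allowed(cfg, "admin", "a1", "databases", "create"))
	}
}
```

The point worth checking in any real implementation is the one the note makes: the toggle compares against the literal string true, so a value such as True or yes silently leaves RBAC off, and because the default is off, a typo in the configmap means every authenticated user keeps full access. Whether that fail-open default is acceptable is a deployment decision; the example keeps it because it is what the requirements specify.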