docs(rbac): Document how to mount the RBAC policy CSV file using the Operator [RHIDP-1783] (#499)

Co-authored-by: Fabrice Flore-Thébault <ffloreth@redhat.com>
Co-authored-by: Heena Manwani <59050394+hmanwani-rh@users.noreply.github.com>

Author: 3 people

assemblies/assembly-configuring-authorization-in-rhdh.adoc

@@ -15,6 +15,10 @@ include::modules/admin/con-rbac-config-permission-policies-admin.adoc[leveloffse
 
 include::modules/admin/con-rbac-config-permission-policies-external-file.adoc[leveloffset=+3]
 
+include::modules/admin/proc-mounting-the-policy-csv-file-using-the-operator.adoc[leveloffset=+4]
+
+include::modules/admin/proc-mounting-the-policy-csv-file-using-helm.adoc[leveloffset=+4]
+
 
 include::modules/admin/con-rbac-conditional-policies-rhdh.adoc[leveloffset=+1]
 

modules/admin/con-rbac-config-permission-policies-external-file.adoc

@@ -64,70 +64,3 @@ permission:
     policyFileReload: true
     # ...
 ----
-
-== Mounting `policy.csv` file to the {product-short} Helm chart
-
-When the {product} is deployed with the Helm chart, you must define the `policy.csv` file by mounting it to the {product-short} Helm chart.
-
-You can add your `policy.csv` file to the {product-short} Helm Chart by creating a `configMap` and mounting it.
-
-.Prerequisites
-
-* You are logged in to your {ocp-short} account using the {ocp-short} web console.
-* {product} is installed and deployed using Helm Chart.
-+
-//For more information about installing the {product} on {ocp-short} using Helm Chart, see xref:proc-install-rhdh-ocp-helm_{context}[].
-//replace with a link to the installation guide.
-
-.Procedure
-
-. In {ocp-short}, create a ConfigMap to hold the policies as shown in the following example:
-+
---
-.Example `ConfigMap`
-[source,yaml]
-----
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: rbac-policy
-  namespace: rhdh
-data:
-  rbac-policy.csv: |
-    p, role:default/guests, catalog-entity, read, allow
-    p, role:default/guests, catalog.entity.create, create, allow
-
-    g, user:default/<YOUR_USER>, role:default/guests
-----
---
-
-. In the {product-short} Helm Chart, go to *Root Schema -> Backstage chart schema -> Backstage parameters -> Backstage container additional volume mounts*.
-. Select *Add Backstage container additional volume mounts* and add the following values:
-+
---
-* *mountPath*: `opt/app-root/src/rbac`
-* *Name*: `rbac-policy`
---
-
-. Add the RBAC policy to the *Backstage container additional volumes* in the {product-short} Helm Chart:
-+
---
-* *name*: `rbac-policy`
-* *configMap*
-** *defaultMode*: `420`
-** *name*: `rbac-policy`
---
-
-. Update the policy path in the `app-config.yaml` file as follows:
-+
---
-.Example `app-config.yaml` file
-[source,yaml]
-----
-permission:
-  enabled: true
-  rbac:
-    policies-csv-file: ./rbac/rbac-policy.csv
-----
---
-

modules/admin/proc-mounting-the-policy-csv-file-using-helm.adoc

@@ -0,0 +1,66 @@
+[id='proc-mounting-the-policy-csv-file-using-helm_{context}']
+= Mounting `policy.csv` file to the {product-short} Helm chart
+
+When the {product} is deployed with the Helm chart, you must define the `policy.csv` file by mounting it to the {product-short} Helm chart.
+
+You can add your `policy.csv` file to the {product-short} Helm Chart by creating a `configMap` and mounting it.
+
+.Prerequisites
+
+* You are logged in to your {ocp-short} account using the {ocp-short} web console.
+* {product} is installed and deployed using Helm Chart.
++
+//For more information about installing the {product} on {ocp-short} using Helm Chart, see xref:proc-install-rhdh-ocp-helm_{context}[].
+//replace with a link to the installation guide.
+
+.Procedure
+
+. In {ocp-short}, create a ConfigMap to hold the policies as shown in the following example:
++
+--
+.Example `ConfigMap`
+[source,yaml]
+----
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: rbac-policy
+  namespace: rhdh
+data:
+  rbac-policy.csv: |
+    p, role:default/guests, catalog-entity, read, allow
+    p, role:default/guests, catalog.entity.create, create, allow
+
+    g, user:default/<YOUR_USER>, role:default/guests
+----
+--
+
+. In the {product-short} Helm Chart, go to *Root Schema -> Backstage chart schema -> Backstage parameters -> Backstage container additional volume mounts*.
+. Select *Add Backstage container additional volume mounts* and add the following values:
++
+--
+* *mountPath*: `opt/app-root/src/rbac`
+* *Name*: `rbac-policy`
+--
+
+. Add the RBAC policy to the *Backstage container additional volumes* in the {product-short} Helm Chart:
++
+--
+* *name*: `rbac-policy`
+* *configMap*
+** *defaultMode*: `420`
+** *name*: `rbac-policy`
+--
+
+. Update the policy path in the `app-config.yaml` file as follows:
++
+--
+.Example `app-config.yaml` file
+[source,yaml]
+----
+permission:
+  enabled: true
+  rbac:
+    policies-csv-file: ./rbac/rbac-policy.csv
+----
+--

modules/admin/proc-mounting-the-policy-csv-file-using-the-operator.adoc

@@ -0,0 +1,84 @@
+[id='proc-mounting-the-policy-csv-file-using-the-operator_{context}']
+= Mounting `policy.csv` file using the {product-short} Operator
+
+When the {product} is deployed with the Operator, you can add your `policy.csv` file using the {product-short} Operator by creating a `ConfigMap` and mounting it through your Custom Resource (CR).
+
+.Prerequisites
+
+* You are logged in to your {ocp-short} account using the {ocp-short} web console.
+* {product} is installed and deployed using the Operator.
+* You have added a custom configuration file to {ocp-short}. For more information, see link:{LinkAdminGuide}[Adding a custom configuration file to {ocp-short}].
++
+//For more information about installing the {product} on {ocp-short} using the Operator, see xref:proc-install-rhdh-ocp-operator_{context}[].
+//replace with a link to the installation guide.
+
+.Procedure
+
+. In {ocp-short}, create a ConfigMap to hold the policies as shown in the following example:
++
+--
+.Example `ConfigMap`
+[source,yaml]
+----
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: rbac-policy
+data:
+  rbac-policy.csv: |
+    p, role:default/guests, catalog-entity, read, allow
+    p, role:default/guests, catalog.entity.create, create, allow
+
+    g, user:default/<YOUR_USER>, role:default/guests
+----
+--
+
+. Update the policy path in your custom `app-config.yaml` ConfigMap as follows:
++
+--
+.Example `app-config.yaml` file
+[source,yaml]
+----
+permission:
+  enabled: true
+  rbac:
+    policies-csv-file: ./rbac-policy.csv
+----
+--
+
+. From the *Developer* perspective in the {ocp-short} web console, select the *Topology* view.
+. Click the overflow menu for the {product} instance that you want to use and select *Edit Backstage* to load the YAML view of the {product} instance.
+. In the CR, enter the name of the custom `rbac-policy` ConfigMap as the value for the `spec.application.extraFiles.configMaps` field. For example:
++
+.Example custom resource
+[source, yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: example
+spec:
+  application:
+    appConfig:
+      mountPath: /opt/app-root/src
+      configMaps:
+        - name: app-config-rhdh
+    extraEnvs:
+      secrets:
+        - name: secrets-rhdh
+    extraFiles:
+      mountPath: /opt/app-root/src
+      configMaps:
+        - name: rbac-policy
+    replicas: 1
+    route:
+      enabled: true
+  database:
+    enableLocalDb: true
+----
+. Click *Save*.
+
+.Verification
+
+. Navigate back to the *Topology* view and wait for the {product} pod to start.
+. Click the *Open URL* icon to access the {product} platform with the updated configuration settings.