Authorization Policies

Overview

The Authorization Policies panel provides a centralized view of all Kubernetes authorization policies configured in the Shakudo platform. This feature allows administrators to review and understand the access control rules that govern how users and services interact with platform resources. The panel displays AI-generated descriptions for each policy, making it easier to understand complex authorization configurations without diving into raw Kubernetes manifests.

Access & Location

  • Route: ?panel=authorization-policies
  • Navigation: Admin → Authorization Policies
  • Access Requirements:
    • dashboard-admin role (Keycloak RBAC)
  • Feature Flags:
    • authPoliciesEnabled (environment variable: HYPERPLANE_DASHBOARD_AUTH_POLICIES_ENABLED)

Key Capabilities

View Authorization Policies

Browse all authorization policies configured in the Kubernetes cluster with AI-generated human-readable descriptions that explain what each policy does and which resources it affects.

Refresh Policy Descriptions

Manually trigger a refresh of authorization policy data to ensure you're viewing the most up-to-date information from the cluster. The system uses AI to regenerate descriptions when policies are updated.

Review Policy Details

Expand individual policies to view detailed markdown-formatted descriptions that explain the policy's purpose, scope, and affected resources in natural language.

User Interface

Main View

The main view displays a summary card showing:

  • Last Modified: The timestamp of the most recently updated authorization policy
  • Policy Count: Total number of authorization policies in the system
  • Refresh Button: Manually refresh policy data and regenerate AI descriptions

Below the summary, policies are displayed as expandable accordion items, each showing:

  • Policy name
  • Collapsible description section with markdown-formatted details

Summary Card

A prominent card at the top of the panel displays:

  • Last modification timestamp in the format: "ddd, MMMM D YYYY HH:mm:ss"
  • Total count of authorization policies
  • A refresh button to reload policy data

Policy List

Authorization policies are displayed as accordion items that can be expanded to reveal:

  • Policy name with an icon indicator
  • Full markdown description explaining the policy's purpose and scope
  • Details about resources affected by the policy

Loading States

The interface provides clear feedback during data loading:

  • Skeleton loaders for summary card metrics during initial load
  • Loading spinner with message: "AI is generating descriptions. It might take a while"
  • Empty state message: "There are no Authorization Policies to display"
  • Error alert if policies fail to load

Dialogs & Modals

This panel does not include any dialogs or modals. All functionality is accessible from the main view.

Tables & Data Grids

This panel does not use traditional data tables. Instead, it displays policies as expandable accordion items for better readability of complex policy descriptions.

Technical Details

GraphQL Operations

Queries:

  • getAuthorizationPolicies - Retrieves all authorization policies with their names, AI-generated descriptions, and timestamps

Mutations: None - This is a read-only panel

Subscriptions: None - Data is fetched on demand

Data Model

Each AuthorizationPolicy contains:

  • name (String) - The name of the authorization policy
  • description (String, optional) - AI-generated markdown description of what the policy does
  • timestamp (DateTime) - When the policy was last modified

Component Structure

  • Main Component: components/AuthPolicies/AuthPoliciesPanel.tsx
  • Grid Component: components/AuthPolicies/AuthPoliciesGrid.tsx
  • Details Component: components/AuthPolicies/AuthPoliciesDetails.tsx
  • GraphQL Query: graphql/authorizationPolicies/getAuthorizationPolicies.query.graphql

Implementation Details

  • The panel uses Apollo Client's useQuery hook with notifyOnNetworkStatusChange to track loading states
  • Policy descriptions are rendered using the MarkdownDisplay component for rich formatting
  • The component is memoized for performance optimization
  • Timestamps use dayjs for formatting with timezone support
  • The last modified date is computed from the maximum timestamp across all policies
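
The summary-card computation described above, extended with an audit check for policies that have no description yet. This is an added example, not Shakudo's code: the function names, the sample policies, the ISO 8601 timestamp encoding and the UTC rendering are assumptions.

```typescript
// Added example, not Shakudo source. Field names follow the Data Model above;
// function names and sample policies are constructed for illustration.
interface AuthorizationPolicy {
  name: string;
  description?: string | null; // optional: the AI text may not exist yet
  timestamp: string;           // DateTime, assumed to arrive as ISO 8601
}

interface PolicySummary {
  policyCount: number;
  lastModified: string | null; // null corresponds to the empty state
  undescribed: string[];       // names to check against the raw manifest
}

const DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"];
const MONTHS = ["January", "February", "March", "April", "May", "June", "July",
  "August", "September", "October", "November", "December"];
const pad = (n: number): string => (n < 10 ? "0" : "") + n;

// Renders "ddd, MMMM D YYYY HH:mm:ss" in UTC without a date library.
function formatLastModified(d: Date): string {
  const date = `${DAYS[d.getUTCDay()]}, ${MONTHS[d.getUTCMonth()]} ${d.getUTCDate()} ${d.getUTCFullYear()}`;
  const time = [d.getUTCHours(), d.getUTCMinutes(), d.getUTCSeconds()].map(pad).join(":");
  return `${date} ${time}`;
}

// Last modified is the maximum timestamp across all policies.
function summarizePolicies(policies: AuthorizationPolicy[]): PolicySummary {
  let latest = -Infinity;
  const undescribed: string[] = [];
  for (const p of policies) {
    const t = Date.parse(p.timestamp);
    if (!isNaN(t) && t > latest) latest = t; // skip unparseable timestamps
    if (!p.description || p.description.trim() === "") undescribed.push(p.name);
  }
  return {
    policyCount: policies.length,
    lastModified: isFinite(latest) ? formatLastModified(new Date(latest)) : null,
    undescribed,
  };
}

// Constructed sample data, shaped like a getAuthorizationPolicies result.
const samplePolicies: AuthorizationPolicy[] = [
  { name: "allow-dashboard", description: "Allows dashboard traffic.", timestamp: "2024-03-05T14:07:09Z" },
  { name: "deny-external", timestamp: "2024-03-06T09:30:00Z" },
  { name: "legacy-rule", description: "  ", timestamp: "not-a-date" },
];
```

Policies listed in `undescribed` have no AI text to review, so during an audit they are the ones to read directly from the Kubernetes manifest.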

Common Workflows

Reviewing Authorization Policies

  1. Navigate to Admin → Authorization Policies
  2. View the summary card to see total policy count and last update time
  3. Scroll through the list of policies
  4. Click on any policy accordion to expand and read its AI-generated description
  5. Use the refresh button if you've recently made changes to policies

Understanding a Specific Policy

  1. Locate the policy by name in the accordion list
  2. Click on the policy to expand its description
  3. Review the markdown-formatted explanation of:
    • What the policy controls
    • Which resources are affected
    • Which users or services the policy applies to

Checking for Policy Updates

  1. Note the "Last Modified" timestamp in the summary card
  2. If you've recently modified Kubernetes authorization policies, click the refresh button
  3. Wait for the AI to regenerate descriptions (this may take a few moments)
  4. Review the updated policy information

Related Features

  • Users - Overall cluster configuration and management
  • Service Accounts - Related security features in the platform
  • SecOps Panel - Security operations and compliance monitoring

Notes & Tips

AI-Generated Descriptions

  • Descriptions are generated by AI to make complex Kubernetes authorization policies more understandable
  • The AI analyzes the policy configuration and creates natural language explanations
  • Description generation may take some time, especially when refreshing many policies
  • If descriptions seem outdated after making changes, use the refresh button

Performance Considerations

  • The panel fetches all policies at once, so loading time may increase with many policies
  • Policy descriptions are cached after initial generation
  • The refresh operation regenerates all descriptions, which can be time-consuming

When to Use This Panel

  • During security audits to review all authorization policies
  • When onboarding new administrators who need to understand access controls
  • After making changes to Kubernetes authorization policies
  • When troubleshooting permission issues to understand what policies are in effect

Troubleshooting

  • If you see an error message, try refreshing the page
  • Contact platform support if the issue persists
  • Check that the HYPERPLANE_DASHBOARD_AUTH_POLICIES_ENABLED environment variable is set to true
  • Verify you have dashboard-admin role assigned in Keycloak

Feature Flag Configuration

This feature must be explicitly enabled via environment variable:

HYPERPLANE_DASHBOARD_AUTH_POLICIES_ENABLED=true

Without this flag, the panel will not appear in the admin navigation menu.