Investigate using Rails FFs as allow/deny lists for new repositories

Context

Part of &6068 (closed).

In order to control and gradually increase the number of new repositories that will make use of the new metadata database, we've implemented a set of allow/deny lists in #250 (closed). These are part of the registry configuration file.

This is a follow-up from a discussion during the review of the new migration plan.

Proposal

Investigate whether it's possible to use Rails feature flags (FFs) to replace the registry-side allow/deny lists. The basic idea is that we could propagate the required information through the JWT tokens built on the Rails side.

Note: This and #355 (closed) are mutually exclusive. If this one turns out to be viable, we'll have to raise the additional issues for the Rails implementation (change to the auth API and the generated JWT tokens).

Conclusions

It's viable and desirable to drive this from the Rails side. Rails FFs provide the required flexibility to do so. A PoC was built and validated. The fine-grained details of the final solution (name and number of FFs) will be shared in the implementation issue: gitlab#335260 (closed).

Edited by João Pereira