Implement POST /api/v4/internal/kubernetes/authorize_proxy_user, access_type=session_cookie
Problem to solve
There should be an endpoint in lib/api/internal/kubernetes.rb, so that KAS can call it with a session ID to verify whether this session is still valid before KAS can forward requests to the Kubernetes API from the frontend.
Proposal
Implement the POST /api/v4/internal/kubernetes/authorize_proxy_user request described in the doc, for access_type=session_cookie.
Put it behind a feature flag. If necessary, stub session lookup until #381561 (closed) is done (e.g. always return unauthorized or use current_user instead of looking up the session).
NOTE: The outcome of gitlab-org/cluster-integration/gitlab-agent#338 (closed) will affect the exact authorization flow here, but we should be fine to proceed behind a feature flag.
References:
Edited by Hordur Freyr Yngvason
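
A sketch of the fail-closed flow the proposal describes, as an added example that is not GitLab's code. The flag name, the `access_key` parameter, the in-memory session store, and the status codes are assumptions for illustration.

```ruby
# Hypothetical stand-ins, not GitLab classes: a flag table and a session store.
BASE_TIME = Time.at(1_700_000_000) # constructed reference time

FLAGS = { kas_user_access: true }.freeze # hypothetical flag name

# Constructed sample sessions: session ID => record.
SESSIONS = {
  'sess-valid'   => { user_id: 42, expires_at: BASE_TIME + 3600 },
  'sess-expired' => { user_id: 7,  expires_at: BASE_TIME - 60 }
}.freeze

# Stub lookup for use until real session lookup exists: always "not found",
# so every request is answered with unauthorized.
STUB_SESSIONS = Hash.new.freeze

# Returns [status, body]. Every path that cannot prove a live session
# denies, so KAS never forwards a request on an ambiguous answer.
def authorize_proxy_user(params, flags: FLAGS, sessions: SESSIONS, now: Time.now)
  # Flag off: behave as if the endpoint does not exist.
  return [404, {}] unless flags[:kas_user_access]

  # Only the access type in scope for this issue is accepted.
  unless params['access_type'] == 'session_cookie'
    return [400, { error: 'unsupported access_type' }]
  end

  session_id = params['access_key'] # assumed parameter carrying the session ID
  unless session_id.is_a?(String) && !session_id.empty?
    return [401, { error: 'unauthorized' }]
  end

  session = sessions[session_id]
  # Unknown and expired sessions get the same answer, so the response does
  # not reveal whether a session ID ever existed.
  if session.nil? || session[:expires_at] <= now
    return [401, { error: 'unauthorized' }]
  end

  [200, { user_id: session[:user_id] }]
end
```

Passing `sessions: STUB_SESSIONS` gives the "always return unauthorized" stub behaviour mentioned in the proposal while the flag stays on.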