Resolve auth TODOs for services called from internal kubernetes api
**UPDATE: Closing this without action, based on thorough discussion in the thread below: #409038 (comment 1375291424)**
Description
See the following TODO regarding:
```ruby
# TODO: Add proper authorization check here. Not sure what it should check, we can look at other services
#       which are called from ee/lib/ee/api/internal/kubernetes.rb for inspiration, e.g.
#       StarboardVulnerabilityCreateService and StarboardVulnerabilityResolveService which
#       use :admin_vulnerability
```

- ee/app/services/remote_development/agent_config/update_service.rb (https://gitlab.com/gitlab-org/gitlab/-/blob/remote_dev/ee/app/services/remote_development/agent_config/update_service.rb#L10-10)
- ee/app/services/remote_development/workspaces/reconcile_service.rb (https://gitlab.com/gitlab-org/gitlab/-/blob/remote_dev/ee/app/services/remote_development/workspaces/reconcile_service.rb#L23)
Note that there is already agent-token-based auth in place at these REST API endpoints at the Grape DSL level; this is just to follow our practices of defense in depth to authorize at the service levels too.
Edited by Chad Woolley
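
The layering described in this issue, as an added Ruby sketch (not code from the GitLab code base or from the issue author): the endpoint layer resolves an agent token, and the service layer independently re-checks scope so that a caller bypassing the endpoint is still denied. All class names, the token table, and the ownership rule (an agent may only update workspaces bound to it) are assumptions; the TODO itself leaves the actual check open.

```ruby
# Added sketch: all class and field names are hypothetical, not GitLab code.
Agent = Struct.new(:id)
Workspace = Struct.new(:name, :agent_id, :actual_state)

# Layer 1 (endpoint): resolve a bearer token to an agent, as the API layer does.
class TokenAuthenticator
  def initialize(tokens)
    @tokens = tokens # constructed table: token string => Agent
  end

  def agent_for(token)
    @tokens[token]
  end
end

# Layer 2 (service): re-check scope regardless of which code path called us.
class ReconcileService
  def initialize(workspaces)
    @workspaces = workspaces # name => Workspace
  end

  def execute(agent:, updates:)
    return error(:unauthenticated) if agent.nil?

    # Assumed rule: an agent may only report state for workspaces bound to it.
    foreign = updates.reject do |u|
      ws = @workspaces[u[:name]]
      ws && ws.agent_id == agent.id
    end
    # Fail closed: one out-of-scope entry rejects the whole batch.
    return error(:forbidden, foreign.map { |u| u[:name] }) unless foreign.empty?

    updates.each { |u| @workspaces[u[:name]].actual_state = u[:actual_state] }
    { status: :success, updated: updates.map { |u| u[:name] } }
  end

  private

  def error(reason, rejected = [])
    { status: :error, reason: reason, rejected: rejected }
  end
end

# Constructed sample data.
AUTH = TokenAuthenticator.new({ "token-a" => Agent.new(1), "token-b" => Agent.new(2) })
STORE = { "ws-1" => Workspace.new("ws-1", 1, "Creating"),
          "ws-2" => Workspace.new("ws-2", 2, "Creating") }
SERVICE = ReconcileService.new(STORE)
```

A valid token alone is not enough here: a batch from agent 1 that names `ws-2` is rejected in full and no workspace state changes.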