Add k8s_proxy_pat feature flag
Issue: Add new k8s_proxy scope for PATs (#422408 - closed)
Rollout Issue: [Feature flag] Enable KAS K8S proxy API Persona... (#422961 - closed)
Why
We want to support personal access token authentication for the internal API.
What
- Introduce Feature Flag
k8s_proxy_pat.- The Feature Flag is to be used with the User actor since we have access to
current_userin all the necessary places. - The Feature Flag is disabled by default.
- The Feature Flag is to be used with the User actor since we have access to
- Introduce new scope that indicates permission to access a Kubernetes cluster.
Without k8s_proxy_pat Feature Flag enabled, the k8s_proxy scope is not present in the UI
With k8s_proxy_pat Feature Flag enabled, the k8s_proxy scope is present in the UI
To verify locally
- Pull
hustewart-k8s-scope. - Checkout
hustewart-k8s-scope - In your browser go to
https://gdk.test:3443/-/profile/personal_access_tokens(use your local gdk url). - Under Personal Access Tokens, click the "Add new token" button.
- Verify there's no
k8s_proxy scopein the UI. - In your terminal on the branch
bundle exec rails console.
user = User.first
Feature.enable(:k8s_proxy_pat, user)(for me User.first is root, pick whatever user works for you)
- In your browser refresh or go to
https://gdk.test:3443/-/profile/personal_access_tokens(use your local gdk url). - Verify there is a
k8s_proxy scopein the UI. - Create a token with this scope.
- Verify it shows up in your list of tokens on the same page under "Active personal access tokens."
Edited by Hunter Stewart