Allow developers to read Kubernetes clusters
What does this MR do and why?
Describe in detail what your merge request does and why.
In !75797 (merged) we started associating security vulnerabilities with Kubernetes clusters via GraphQL. Vulnerabilities require developer permissions to view, while clusters require maintainer permissions to review. It doesn't make sense to be allowed to see the vulnerabilities in a cluster, but not other information about the cluster. So, this change makes cluster information available to developers. This problem is further described in #347471 (closed).
Screenshots or screen recordings
These are strongly recommended to assist reviewers and reduce the time to merge your change.
| Test Case | Screenshot |
|---|---|
| As a developer, Kubernetes Clusters are visible in the project nav bar |  |
| Viewing Kubernetes Clusters index as a developer |  |
| Viewing Kubernetes Clusters index as a maintainer |  |
| Viewing Agents tab as a developer |  |
| Viewing Agents tab as a maintainer |  |
| Viewing a cluster agent page as a developer |  |
| Viewing cluster agent tokens as a developer |  |
How to set up and validate locally
-
Enable KAS in
gdk.yml:gitlab_k8s_agent: enabled: true -
Login as the user who will own the project (I used root)
-
Create a new project
-
Setup a new agent on the project (Steps 1-3. 4 might be optional)
-
Go to Project Information -> Members and add another user to the project as a developer
-
Log out and log in as the developer user
-
Go to the project
-
Go to Infrastructure -> Kubernetes Clusters
-
Observe that you can browse agent information
-
Observe that create / update / delete buttons are disabled
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #347471 (closed)