Add k8s_proxy_pat feature flag
Issue: Add new k8s_proxy scope for PATs (#422408 - closed)
Rollout Issue: [Feature flag] Enable KAS K8S proxy API Persona... (#422961 - closed)
Why
We want to support personal access token authentication for the internal API.
What
- Introduce Feature Flag
k8s_proxy_pat
.- The Feature Flag is to be used with the User actor since we have access to
current_user
in all the necessary places. - The Feature Flag is disabled by default.
- The Feature Flag is to be used with the User actor since we have access to
- Introduce new scope that indicates permission to access a Kubernetes cluster.
k8s_proxy_pat
Feature Flag enabled, the k8s_proxy scope is not present in the UI
Without
k8s_proxy_pat
Feature Flag enabled, the k8s_proxy scope is present in the UI
With To verify locally
- Pull
hustewart-k8s-scope
. - Checkout
hustewart-k8s-scope
- In your browser go to
https://gdk.test:3443/-/profile/personal_access_tokens
(use your local gdk url). - Under Personal Access Tokens, click the "Add new token" button.
- Verify there's no
k8s_proxy scope
in the UI. - In your terminal on the branch
bundle exec rails console
.
user = User.first
Feature.enable(:k8s_proxy_pat, user)
(for me User.first
is root
, pick whatever user works for you)
- In your browser refresh or go to
https://gdk.test:3443/-/profile/personal_access_tokens
(use your local gdk url). - Verify there is a
k8s_proxy scope
in the UI. - Create a token with this scope.
- Verify it shows up in your list of tokens on the same page under "Active personal access tokens."
Edited by Hunter Stewart