Skip to content

Allow non-group Agent projects to authorize themselves

Tiger Watson requested to merge fix-agent-project-self-auth into master

What does this MR do and why?

Fixes a typebug where a project that doesn't belong to a group (ie belongs to a personal user namespace) can't create an authorization record (and therefore fine-tune auth configuration) for itself.

Screenshots or screen recordings

These are strongly recommended to assist reviewers and reduce the time to merge your change.

How to set up and validate locally (requires a Kubernetes cluster + KAS)

  1. Create an Agent configuration project, ensuring that it belongs to a user namespace, not a group.
  2. Register an agent from the configuration project.
  3. Authorize the configuration project to access the Agent. This triggers a sync from KAS -> Rails
  4. In a Rails console, verify an authorization record has been created for the project/agent combination:
Clusters::Agents::ProjectAuthorization.find_by(agent_id: <your-agent-id>, project_id: <your-project-id>)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Tiger Watson

Merge request reports

Loading