  1. Red Hat Advanced Cluster Management
  2. ACM-12503

Investigate how Authz implementation in kessel is different from native SpiceDB


    • Spike
    • Resolution: Unresolved
    • Normal
    • None
    • Global Hub 1.3.0
    • Global Hub
    • 3
    • False
    • None
    • False
    • Provide the required acceptance criteria using this template.
      * ...
    • GH Train-17 1
    • No

      Value Statement

       

      In ACM-12500 we investigated how to work with SpiceDB APIs as is. The Authz team is working on https://github.com/project-kessel/

      We need to understand the impact of the changes and what they mean, and modify the findings of ACM-12500.

      Here is another document you can look at - https://docs.google.com/document/d/1QJ4HoxtIyrwTwhsuW7OLGgoiyhngds0tMKMNKh6y46s/edit#heading=h.gytz99o6xkvd 

       

      The Global Hub agent registers all the managed clusters to the Kessel inventory. Kessel can generate relations based on Kubernetes RBAC. After that, a Grafana request can go to the proxy. The proxy will call the Kessel API to get the permissions. In the proxy, we rewrite the Grafana request based on the permissions and then send it to Postgres. That can be a flow for us. The unclear stuff is how to report the RBAC from the managed hub cluster to Kessel.

      Definition of Done for Engineering Story Owner (Checklist)

      • ...

      Development Complete

      • The code is complete.
      • Functionality is working.
      • Any required downstream Docker file changes are made.

      Tests Automated

      • [ ] Unit/function tests have been automated and incorporated into the
        build.
      • [ ] 100% automated unit/function test coverage for new or changed APIs.

      Secure Design

      • [ ] Security has been assessed and incorporated into your threat model.

      Multidisciplinary Teams Readiness

      • [ ] Create an informative documentation issue using the Customer
        Portal Doc template that you can access from
        [The Playbook](https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby),
        and ensure doc acceptance criteria is met.

      • Call out this sentence as its own action:
      • [ ] Link the development issue to the doc issue.

      Support Readiness

      • [ ] The must-gather script has been updated.
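
The proxy step of the flow in the Value Statement (look up permissions, rewrite the Grafana query, send it to Postgres) could look like the sketch below. It is an added example, not code from this ticket, Global Hub, or Kessel. Assumptions: `PermissionChecker` is a hypothetical stand-in for the Kessel lookup, the `status` table and `cluster_name` column are constructed, and the dashboard query is trusted text without bind parameters of its own.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PermissionChecker is a hypothetical stand-in for the permission lookup the
// proxy makes against Kessel; it is not the Kessel or SpiceDB client API.
type PermissionChecker interface {
	VisibleClusters(user string) ([]string, error)
}

// staticRelations is constructed sample data: user -> clusters they may view.
type staticRelations map[string][]string

func (s staticRelations) VisibleClusters(user string) ([]string, error) { return s[user], nil }

var ErrNoAccess = errors.New("user may not view any managed cluster")

// ScopeQuery wraps the dashboard query in a subquery and restricts its rows to
// the clusters the user may view. Cluster names travel as bind parameters and
// are never spliced into the SQL text. The column cluster_name is assumed.
func ScopeQuery(pc PermissionChecker, user, query string) (string, []interface{}, error) {
	clusters, err := pc.VisibleClusters(user)
	if err != nil {
		return "", nil, fmt.Errorf("permission lookup failed, denying: %w", err)
	}
	if len(clusters) == 0 {
		return "", nil, ErrNoAccess // fail closed: nothing is sent to Postgres
	}
	placeholders := make([]string, len(clusters))
	args := make([]interface{}, len(clusters))
	for i, c := range clusters {
		placeholders[i] = fmt.Sprintf("$%d", i+1)
		args[i] = c
	}
	q := strings.TrimRight(strings.TrimSpace(query), ";")
	// Newlines keep a trailing "--" comment in q from swallowing the filter.
	scoped := fmt.Sprintf("SELECT * FROM (\n%s\n) AS q WHERE q.cluster_name IN (%s)",
		q, strings.Join(placeholders, ", "))
	return scoped, args, nil
}

func main() {
	rel := staticRelations{"alice": {"cluster-a", "cluster-b"}}
	sql, args, err := ScopeQuery(rel, "alice", "SELECT cluster_name, compliance FROM status;")
	fmt.Println(sql, args, err)
}
```

A lookup error and an empty permission set both return an error rather than an unfiltered query, so a Kessel outage cannot widen what a Grafana user sees.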

              daliu@redhat.com DangPeng Liu
              jbanerje@redhat.com Joydeep Banerjee
              Hui Chen Hui Chen