Value Statement

In Maestro, secure communication with the gRPC server requires verifying the client's identity using an API key, token, or certificate. After authentication, the server must also confirm that the client has the necessary permissions to perform the requested action, whether publishing or subscribing.

Definition of Done for Engineering Story Owner (Checklist)

• support mLTS authentication based on client certificate
• support authorization based on use/groups in client certificate with kube authorizer
• support token authentication based on service account token
• support authorization based on service account with kube authorizer

Development Complete

• The code is complete.
• Functionality is working.
• Any required downstream Docker file changes are made.

Tests Automated

• [ ] Unit/function tests have been automated and incorporated into the
  build.
• [ ] 100% automated unit/function test coverage for new or changed APIs.

Secure Design

• [ ] Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

• [ ] Create an informative documentation issue using the Customer

Portal Doc template that you can access from [The Playbook](

https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby),

and ensure doc acceptance criteria is met.

• Call out this sentence as it's own action:

• [ ] Link the development issue to the doc issue.

Support Readiness

• [ ] The must-gather script has been updated.