-
Task
-
Resolution: Done
-
Undefined
-
None
-
None
-
insights-content
-
Content 3, Content 4, Content 5, Content 6, Content 7
-
8
Goal:
- Kessel is turned on in stage
Acceptance Criteria:
- A kessel client is added (example POC https://github.com/RedHatInsights/config-manager/pull/242/)
-
- Based on 'feature' or env variable, use either RBAC or kessel
- Add support for optionally turning on Kessel integration (via env variable)
- Turn on kessell in stage
- Verify auth checks work
- User with admin role
- user with read only role
- user with no roles
For using kessel, instead of working with an organization, we'll want to lookup their 'default' workspace
Api spec for looking up workspace:
https://github.com/RedHatInsights/insights-rbac/blob/master/docs/source/specs/v2/openapi.yaml
Then, we'll want to ask kessel for that workspace, does the user have repos read/write or template read/write as we do today. how to do this should be covered here: https://project-kessel.github.io/docs/building-with-kessel/how-to/migrate-from-rbac-v1-to-v2/
Enabling in stage/prod:
https://project-kessel.github.io/docs-internal/using-kessel/in-production
Background info: https://docs.google.com/document/d/1XnINsHuYeHEi22q_1cS0gUalX-eXl3V19gGf0Wr8NsE/edit?tab=t.0#heading=h.pfjzbznm9cbk
