Story
Resolution: Unresolved
Normal
We need to ensure that when requests are made to this service, users can only see issues in the namespaces they are allowed to access.
The issues dashboard backend POC was tested on a local minikube cluster. Running it on an OCP cluster, with real users and RBAC, has not been tried yet and is a different story.
Idea(s):
- One way to do this is to take the user's bearer token from the request and use it to impersonate the user when checking permissions. Caveat: impersonation means the backend's own service account needs `impersonate` RBAC, which lets it act as any user, so that grant has to be scoped and audited carefully.
- The CLI tool will also need to be updated so it can retrieve the `oc` token (e.g. `oc whoami -t`) and pass it in the `Authorization: Bearer` header when making requests.
- Another way would be `kubectl auth can-i`: https://kubernetes.io/docs/reference/kubectl/generated/kubectl_auth/kubectl_auth_can-i/ Under the hood this creates a SelfSubjectAccessReview; the backend can issue the same review using the user's token, with no impersonation privilege needed.
I would start by looking into user impersonation on Kubernetes.
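Added example (not code from the POC or the ticket) showing both options side by side with the Kubernetes authorization review API: forwarding the caller's bearer token into a SelfSubjectAccessReview (what `kubectl auth can-i` does), versus the backend's service-account token issuing a SubjectAccessReview for the caller's user and groups. The API paths and request shapes are real; the resource being gated (`list` on `pods`) is a placeholder assumption until the issues CRD is known, and `extract_bearer`, `review_allowed` and the injected `send` transport are names invented here so the decision logic can be exercised offline.

```python
"""Per-namespace authorization for a dashboard backend using the
Kubernetes authorization.k8s.io/v1 review APIs (constructed example).

Option 1 - forward the caller's own bearer token and POST a
           SelfSubjectAccessReview (what `kubectl auth can-i` does).
Option 2 - use the backend's service-account token and POST a
           SubjectAccessReview naming the caller's user and groups; the SA
           then needs RBAC to create subjectaccessreviews, but never
           needs the broad `impersonate` permission.
The HTTP transport is injected (`send`) so the logic runs without a cluster.
"""
import json
import urllib.request
from typing import Any, Callable, Dict, Iterable, List, Optional

REVIEW_API = "/apis/authorization.k8s.io/v1"

# Assumption: "seeing issues in a namespace" is gated on being able to list
# this resource there. Placeholder group/resource until the real CRD is known.
RESOURCE_ATTRS: Dict[str, str] = {"verb": "list", "group": "", "resource": "pods"}

# send(token, path, body) -> decoded JSON response
Send = Callable[[str, str, Dict[str, Any]], Dict[str, Any]]


def extract_bearer(authorization: Optional[str]) -> str:
    """Pull the token out of `Authorization: Bearer <token>`.
    Raises ValueError on a missing/malformed header so callers fail closed."""
    if not authorization:
        raise ValueError("missing Authorization header")
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        raise ValueError("expected 'Bearer <token>'")
    return token.strip()


def self_review_body(namespace: str) -> Dict[str, Any]:
    """SelfSubjectAccessReview: the API server decides for whoever sent it."""
    return {
        "apiVersion": "authorization.k8s.io/v1",
        "kind": "SelfSubjectAccessReview",
        "spec": {"resourceAttributes": {"namespace": namespace, **RESOURCE_ATTRS}},
    }


def subject_review_body(namespace: str, user: str, groups: Iterable[str]) -> Dict[str, Any]:
    """SubjectAccessReview: asks about an explicitly named user/groups."""
    return {
        "apiVersion": "authorization.k8s.io/v1",
        "kind": "SubjectAccessReview",
        "spec": {
            "user": user,
            "groups": list(groups),
            "resourceAttributes": {"namespace": namespace, **RESOURCE_ATTRS},
        },
    }


def review_allowed(resp: Dict[str, Any]) -> bool:
    """Fail closed: only an explicit status.allowed == True (and no explicit
    deny) grants access; missing status or evaluation errors mean 'no'."""
    status = resp.get("status") or {}
    return status.get("allowed") is True and not status.get("denied", False)


def http_send(api_server: str) -> Send:
    """Real transport: POST the review to the API server with a bearer token."""
    def send(token: str, path: str, body: Dict[str, Any]) -> Dict[str, Any]:
        req = urllib.request.Request(
            api_server + path,
            data=json.dumps(body).encode(),
            headers={"Authorization": f"Bearer {token}",
                     "Content-Type": "application/json"},
            method="POST",
        )
        with urllib.request.urlopen(req) as resp:  # cluster CA setup omitted
            return json.load(resp)
    return send


def allowed_namespaces_as_caller(candidates: Iterable[str], caller_token: str,
                                 send: Send) -> List[str]:
    """Option 1: one SelfSubjectAccessReview per candidate namespace,
    authenticated as the caller. A bad token simply yields no namespaces."""
    path = REVIEW_API + "/selfsubjectaccessreviews"
    return [ns for ns in candidates
            if review_allowed(send(caller_token, path, self_review_body(ns)))]


def allowed_namespaces_for_user(candidates: Iterable[str], sa_token: str, user: str,
                                groups: Iterable[str], send: Send) -> List[str]:
    """Option 2: the backend's service account asks on the user's behalf."""
    path = REVIEW_API + "/subjectaccessreviews"
    return [ns for ns in candidates
            if review_allowed(send(sa_token, path, subject_review_body(ns, user, groups)))]
```

Both options filter a candidate namespace list down to what the caller may see; the review response is treated as deny unless it says `allowed: true`, so an expired token, an evaluation error or an empty response never widens access. Option 1 keeps the backend's own privileges minimal, which is why it is the cheaper one to try first on OCP.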