Skip to content

FLPATH-3294: Kessel/ReBAC Detailed Design and Test Plan#7

Closed
jordigilh wants to merge 1 commit intoinsights-onprem:mainfrom
jordigilh:FLPATH-3294/kessel-rebac-detailed-design
Closed

FLPATH-3294: Kessel/ReBAC Detailed Design and Test Plan#7
jordigilh wants to merge 1 commit intoinsights-onprem:mainfrom
jordigilh:FLPATH-3294/kessel-rebac-detailed-design

Conversation

@jordigilh
Copy link
Copy Markdown

@jordigilh jordigilh commented Feb 18, 2026

Summary

  • Detailed Design document (kessel-ocp-detailed-design.md) covering all 3 phases of the Kessel/ReBAC authorization integration as logical checkpoints within a single implementation scope
  • Test Plan (kessel-ocp-test-plan.md) with 35 IEEE 829-inspired test scenarios across 4 tiers (Unit, Integration, Contract, E2E), BDD format, and >80% unit coverage target

Detailed Design Sections

  1. Overview and Scope (deployment matrix, design principles)
  2. Configuration and Startup (AUTHORIZATION_BACKEND, KESSEL_*_CONFIG, cache setup)
  3. AccessProvider Abstraction -- Protocol, factory, RBAC/Kessel implementations
  4. Middleware Integration -- provider dispatch, cache selection, error handling
  5. KesselAccessProvider Internals -- type mapping, transparent pass-through
  6. Resource Reporting and Sync -- tracking model, transparent reporter, lifecycle
  7. Access Management API (Phase 1.5) -- role/binding CRUD, cache invalidation
  8. ZED Schema and Role Seeding -- schema design, management commands
  9. Testing Strategy -- tier mapping, scenario format, coverage target
  10. Deployment and Operations -- bootstrap paths, env vars, SaaS hook
  11. Dependencies -- Kessel Python SDKs, gRPC
  12. Risks and Mitigations

Test Plan Highlights

  • 35 scenarios: 17 UT, 9 IT, 3 CT, 6 E2E
  • 12 P0 (Critical), 20 P1 (High), 3 P2 (Medium)
  • Scenario IDs: {TIER}-{MODULE}-{FEATURE}-{NNN} (e.g., UT-KESSEL-AP-001)
  • Each scenario: Priority, Business Value, Fixtures, BDD Steps, Acceptance Criteria

Related

Made with Cursor

@jordigilh @cursoragent
docs: Add Kessel/ReBAC detailed design and test plan
f60763e 
FLPATH-3294: Detailed Design (DD) document and IEEE 829-inspired test
plan for the Kessel/ReBAC authorization integration covering all three
phases (1, 1.5, 2) as logical checkpoints.

DD covers: AccessProvider abstraction, middleware integration, resource
reporting, Access Management API, ZED schema, deployment operations,
and SaaS future wiring.

Test plan contains 35 scenarios across 4 tiers (UT/IT/CT/E2E) with
BDD format, priority levels, and >80% unit coverage target.

Co-authored-by: Cursor <cursoragent@cursor.com>
@jordigilh jordigilh closed this Feb 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jordigilh