NETOBSERV-972 check if cluster admin via namespaces

[jotak]

Follow-up on #320, which relaxed the permission checks performed when lokiAuth is DISABLED: after discussion, we roll back to a more strict approach; however to mitigate the limitation of TokenReview (it doesn't provide a reliable way to check for cluster admins right), we verify that the user can list namespaces, assuming this is a cluster admin capability.

[codecov]

Codecov Report

Merging #326 (512759c) into main (99b3a5f) will decrease coverage by 0.38%.
The diff coverage is 51.51%.

@@            Coverage Diff             @@
##             main     #326      +/-   ##
==========================================
- Coverage   55.56%   55.18%   -0.38%     
==========================================
  Files          29       29              
  Lines        1735     1745      +10     
==========================================
- Hits          964      963       -1     
- Misses        683      694      +11     
  Partials       88       88              

Flag	Coverage Δ
unittests	55.18% <51.51%> (-0.38%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
cmd/plugin-backend.go	0.00% <0.00%> (ø)
pkg/kubernetes/client/client.go	0.00% <0.00%> (ø)
pkg/kubernetes/auth/check_auth.go	85.24% <100.00%> (-0.24%)	⬇️

[OlivierCazade]

LGTM

[memodi]

/ok-to-test

[memodi]

/ok-to-test

[openshift-ci]

New changes are detected. LGTM label has been removed.

[memodi]

/ok-to-test

[jotak]

/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jotak

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jotak]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment