Alright we have 5 fails in #1371, same as I did back in Dec:

Fiddly Cypress issue:

• 07-manage-control/02-rate-limiting.cy.ts - verify rate limit error when the API calls beyond the limit
• 07-manage-control/02-rate-limiting.cy.ts - verify rate limit error when the API calls beyond the limit

These seem like real issues, all 3 show 403s instead of 200s when trying to get activity:

• 15-aps-api/08-namespaces.cy.ts - Get the resource and verify the success code in the response (calling namespaces/{gatewayId}/activity)
• 19-api-v3/03-gateways.ts - POST /gateways (failure when calling /activity)
• 19-api-v3/03-gateways.ts - GET /gateways/{gatewayId}/activity (similar to first one here)

Replicating locally, the error for the above 3 is Missing required scope: <gatewayid>:Namespace.View. Meanwhile, I can view activity in Portal at /manager/activity.

Looking back, I see that in Dec I added and then removed Namespace.View upon gateway creation, presumably related to this bug.

My notes captured that users should NOT be able to view gateway/ns/activity without Namespace.View explicitly there - but it was possible in KC15 due to bug with resource-based scopes (https://dpdd.atlassian.net/browse/APS-3972).

@ikethecoder do you remember why we removed the change to add that permission on gateway creation? Do we want to A) modify/remove these tests, B) grant the Namespace.View scope manually in the tests so they pass, or C) grant .View on ns creation. ? I'm leaning towards B.

There is also a build error now, which is reproducible locally when running docker compose --profile testsuite build, I see @Elson9 is working on it.

I can't recall why - but I agree option B. I think we had talked about a "more correct" solution is to configure the /manager/activity endpoint to be accessed with either Namespace.View or Namespace.Manage.

🔔 Friendly reminder: The following reviewers still need to review this PR: @rustyjux, @phowells, @Elson9, @danebenal

PS: @sdqdadat