tower 0.61.6 — hide platform cluster from tenant-scoped server lists
handleListServers's existing tenant filter would still admit a platform cluster (type='platform') if it had been mis-labeled with a tenant or if a tenant happened to host an instance there. Belt- and-braces: explicit reject of any cluster with type='platform' when the request is tenant-scoped (non-super-admin). The platform control-plane runs Tower itself + platform-tenant template builds — it is not a deployment target for customer tenants and surfacing it in their Server picker breaks the bring-your-own-cluster model. Caught while smoke-testing MigrateDrawer: a fresh tenant's Server dropdown defaulted to 'Platform server', risking a customer deploying their tenant data onto the operator's shared infra by accident.
This commit is contained in:
Tower Bot
@@ -9,7 +9,7 @@ backend:
|
|||||||
# so every cluster that runs Tower needs the same imagePullSecret
|
# so every cluster that runs Tower needs the same imagePullSecret
|
||||||
# provisioned out-of-band (until cluster-platform-v3 owns it).
|
# provisioned out-of-band (until cluster-platform-v3 owns it).
|
||||||
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
|
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
|
||||||
tag: "0.61.5"
|
tag: "0.61.6"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
- name: docker-mirror-pull
|
- name: docker-mirror-pull
|
||||||
|
|||||||
Reference in New Issue
Block a user