From e3756ac1d19488712487271beef756e6f0bc1d94 Mon Sep 17 00:00:00 2001 From: Tower Bot Date: Thu, 30 Apr 2026 12:42:12 +0300 Subject: [PATCH] =?UTF-8?q?tower=200.61.7=20=E2=80=94=20Phase=20G=20+=20de?= =?UTF-8?q?lete=20fall-through=20to=20force-delete?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Phase G: every Operation now carries (TenantID, ActorUserID, ActorEmail) stamped at opStore.Create from the request scope. The bell SSE stream filters per event against the caller's scope before emitting (closes the cross-tenant leak — non-super-admin users no longer see other tenants' ops). Get / Cancel / Stream-one return 404 (not 403) when the caller can't see the op so existence isn't probable across tenants. List endpoint uses op.TenantID directly (covers in-flight ops with no Argo App yet); legacy ops with empty tenant fall back to the Argo lookup so the upgrade is seamless. Delete leak: cascade-delete failure used to fail the whole flow, stranding the Gitea overlay repo + DNS A record. Now: cascade fails → escalate to ForceDeleteApplication (strip finalizers) → continue to repo + DNS cleanup. Both fail only when ArgoCD itself is unreachable. Caught when odoo16v2 left tenant-havari/instance- odoo16v2 orphaned across the smoke test. Tests + build green. --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 9992320..07e5866 100644 --- a/values.yaml +++ b/values.yaml @@ -9,7 +9,7 @@ backend: # so every cluster that runs Tower needs the same imagePullSecret # provisioned out-of-band (until cluster-platform-v3 owns it). repository: registry.odoosky.cloud/odoosky/docker-mirror/tower - tag: "0.61.6" + tag: "0.61.7" pullPolicy: IfNotPresent imagePullSecrets: - name: docker-mirror-pull
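Review bot: At `tag: "0.61.7"`, the release that the commit message says closes the cross-tenant leak in the bell SSE stream is referenced only by a mutable tag, and with `pullPolicy: IfNotPresent` a node that already holds an image under that tag will not re-pull if the tag is ever re-pushed. Consider pinning the image by digest alongside the tag, if the chart's templates support it, so that every cluster runs the build that contains the fix. The diff touches only values.yaml, so the tenant-scoping and force-delete behaviour described in the message cannot be checked here; a reference in the message to the source commit or release notes for 0.61.7 would let a reviewer tie this bump to the code that was tested.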