tower 0.61.7 — Phase G + delete fall-through to force-delete
Phase G: every Operation now carries (TenantID, ActorUserID, ActorEmail) stamped at opStore.Create from the request scope. The bell SSE stream filters per event against the caller's scope before emitting (closes the cross-tenant leak — non-super-admin users no longer see other tenants' ops). Get / Cancel / Stream-one return 404 (not 403) when the caller can't see the op so existence isn't probable across tenants. List endpoint uses op.TenantID directly (covers in-flight ops with no Argo App yet); legacy ops with empty tenant fall back to the Argo lookup so the upgrade is seamless. Delete leak: cascade-delete failure used to fail the whole flow, stranding the Gitea overlay repo + DNS A record. Now: cascade fails → escalate to ForceDeleteApplication (strip finalizers) → continue to repo + DNS cleanup. Both fail only when ArgoCD itself is unreachable. Caught when odoo16v2 left tenant-havari/instance- odoo16v2 orphaned across the smoke test. Tests + build green.
This commit is contained in:
Tower Bot
@@ -9,7 +9,7 @@ backend:
|
|||||||
# so every cluster that runs Tower needs the same imagePullSecret
|
# so every cluster that runs Tower needs the same imagePullSecret
|
||||||
# provisioned out-of-band (until cluster-platform-v3 owns it).
|
# provisioned out-of-band (until cluster-platform-v3 owns it).
|
||||||
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
|
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
|
||||||
tag: "0.61.6"
|
tag: "0.61.7"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
- name: docker-mirror-pull
|
- name: docker-mirror-pull
|
||||||
|
|||||||
Reference in New Issue
Block a user