Restrict management project to same namespace
When working out the deployment platform for a project, only return clusters where its namespace is the same as the management project. This ensures that cluster credentials won't leak out of the namespace. Allow where managment project is in the hierarchy of the cluster's namespace as well. - For group clusters, this is achieved by simply changing the order clause - For project clusters, we need to have a new query in our CTE to fetch clusters where management cluster is in the same namespace as the project's namespace. Add specs for new code, alter existing specs to work with new restrictions. And finally update documentation!
Showing
Please register or sign in to comment