From d040874417fbb825d413011f45b80ce8f2e008f0 Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Thu, 6 Nov 2025 10:50:58 +0545 Subject: [PATCH 1/2] chore: update modules --- mission-control-chart | 2 +- modules/canary-checker | 2 +- modules/config-db | 2 +- modules/duty | 2 +- modules/mission-control | 2 +- modules/mission-control-chart | 2 +- modules/mission-control-registry | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/mission-control-chart b/mission-control-chart index 3710fad5..482220c7 160000 --- a/mission-control-chart +++ b/mission-control-chart @@ -1 +1 @@ -Subproject commit 3710fad5bb8408aaf37129f0272d7aa4da1f3c77 +Subproject commit 482220c75fb5e3ddbd52c9820c10159577b8030f diff --git a/modules/canary-checker b/modules/canary-checker index bff5cca8..1954d3fe 160000 --- a/modules/canary-checker +++ b/modules/canary-checker @@ -1 +1 @@ -Subproject commit bff5cca8f2fec464eed099c01f0b15f3602c802f +Subproject commit 1954d3fef649ee38e7e00ab0dc327b88d1e75b47 diff --git a/modules/config-db b/modules/config-db index 81e26eb1..5fe730b5 160000 --- a/modules/config-db +++ b/modules/config-db @@ -1 +1 @@ -Subproject commit 81e26eb1be71ea84a5b22261980eae58e82d9080 +Subproject commit 5fe730b553b7341a1538c9acd319080733b13308 diff --git a/modules/duty b/modules/duty index 4a1e4765..a29cf886 160000 --- a/modules/duty +++ b/modules/duty @@ -1 +1 @@ -Subproject commit 4a1e4765072ce2ea1bea21298d85571fd3d91224 +Subproject commit a29cf886d492dc63b20ea2a9545d22d9cfb4c777 diff --git a/modules/mission-control b/modules/mission-control index 60cfeb20..8e6c04b2 160000 --- a/modules/mission-control +++ b/modules/mission-control @@ -1 +1 @@ -Subproject commit 60cfeb200bec5b6d3be4e6598654f79c326d966e +Subproject commit 8e6c04b22cafff1eacc959e06b1250b92e589568 diff --git a/modules/mission-control-chart b/modules/mission-control-chart index 6ed80b8a..f24a9195 160000 --- a/modules/mission-control-chart +++ b/modules/mission-control-chart @@ -1 +1 @@ -Subproject commit 6ed80b8a9bf48cec7bb7bf720186cfa94cffaa89 +Subproject commit f24a9195d99a483af104961cd133c087e4033eb4 diff --git a/modules/mission-control-registry b/modules/mission-control-registry index 9586d3b9..cc4abe6e 160000 --- a/modules/mission-control-registry +++ b/modules/mission-control-registry @@ -1 +1 @@ -Subproject commit 9586d3b94e8e6ea38e8dc11fa245cf339d113fb4 +Subproject commit cc4abe6e39bf326b9453b9c9b380f9f04358d812 From beddf82650c9328eae1a396c36e8c0cddf68e2d9 Mon Sep 17 00:00:00 2001 From: Aditya Thebe Date: Thu, 6 Nov 2025 10:59:26 +0545 Subject: [PATCH 2/2] update multi-tenancy docs the fixtures have been removed from mission control since tag and agent based permissions are deprecated --- .../permissions/concepts/multi-tenancy.md | 37 ++----------------- modules/mission-control | 2 +- 2 files changed, 4 insertions(+), 35 deletions(-) diff --git a/mission-control/docs/guide/permissions/concepts/multi-tenancy.md b/mission-control/docs/guide/permissions/concepts/multi-tenancy.md index 722c6486..e5ad2829 100644 --- a/mission-control/docs/guide/permissions/concepts/multi-tenancy.md +++ b/mission-control/docs/guide/permissions/concepts/multi-tenancy.md @@ -4,38 +4,7 @@ sidebar_position: 3 --- Mission Control provides sophisticated access control mechanisms for complex deployment scenarios, particularly in Software-as-a-Service (SaaS) environments where multiple tenants or organizations share the same infrastructure. -Two key features enable fine-grained access control in these scenarios: Agent-based permissions and Tag-based permissions. -### Agent based permission - -Mission Control often acts as a central hub receiving data from multiple agents deployed across different environments. Each agent pushes its own set of resources, including catalogs and topologies, to the central Mission Control instance. While all these resources are accessible through a unified UI portal, organizations frequently need to restrict user access to specific agent-sourced data. -Agent-based ABAC addresses this requirement by allowing administrators to create permissions that reference specific agents. -For example, you might have: - -- Development teams that should only access resources from their development environment agents -- Regional teams that should only see resources from agents in their geographic location -- Client-specific teams that should only interact with agents deployed in their infrastructure - -```yaml title="agent-based-permission.yaml" file=/modules/mission-control/fixtures/permissions/agent-based-permission.yaml - -``` - -### Tag based permission - -Tag-based permissions provide another layer of access control granularity by allowing administrators to restrict access based on resource tags. -This approach is particularly powerful for managing access in multi-cluster Kubernetes environments. -Tags can represent various attributes such as: - -- Environment (production, staging, development) -- Geographic region (us-east, eu-west, asia-pacific) -- Business unit (finance, marketing, operations) -- Client identifier (client-a, client-b) -- Clusters - -```yaml title="tag-based-permission.yaml" file=/modules/mission-control/fixtures/permissions/tag-based-permission.yaml - -``` - -:::info -Tag-based and agent-based permissions can be combined to create sophisticated access control policies that precisely match organizational requirements and security boundaries. -::: +Mission Control often acts as a central hub receiving data from multiple agents deployed across different environments. +Each agent pushes its own set of resources, including catalogs and topologies, to the central Mission Control instance. +While all these resources are accessible through a unified UI portal, organizations frequently need to restrict user access to specific agent-sourced data. diff --git a/modules/mission-control b/modules/mission-control index 8e6c04b2..71de44d5 160000 --- a/modules/mission-control +++ b/modules/mission-control @@ -1 +1 @@ -Subproject commit 8e6c04b22cafff1eacc959e06b1250b92e589568 +Subproject commit 71de44d56b6817fa55f7aff58da572f632864e42