flanksource · adityathebe · Nov 6, 2025 · Nov 6, 2025
diff --git a/mission-control-chart b/mission-control-chart
diff --git a/mission-control/docs/guide/permissions/concepts/multi-tenancy.md b/mission-control/docs/guide/permissions/concepts/multi-tenancy.md
@@ -4,38 +4,7 @@
 ---
 
 Mission Control provides sophisticated access control mechanisms for complex deployment scenarios, particularly in Software-as-a-Service (SaaS) environments where multiple tenants or organizations share the same infrastructure.
-Two key features enable fine-grained access control in these scenarios: Agent-based permissions and Tag-based permissions.
 
-### Agent based permission
-
-Mission Control often acts as a central hub receiving data from multiple agents deployed across different environments. Each agent pushes its own set of resources, including catalogs and topologies, to the central Mission Control instance. While all these resources are accessible through a unified UI portal, organizations frequently need to restrict user access to specific agent-sourced data.
-Agent-based ABAC addresses this requirement by allowing administrators to create permissions that reference specific agents.
-For example, you might have:
-
-- Development teams that should only access resources from their development environment agents
-- Regional teams that should only see resources from agents in their geographic location
-- Client-specific teams that should only interact with agents deployed in their infrastructure
-
-```yaml title="agent-based-permission.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/agent-based-permission.yaml
-
-```
-
-### Tag based permission
-
-Tag-based permissions provide another layer of access control granularity by allowing administrators to restrict access based on resource tags.
-This approach is particularly powerful for managing access in multi-cluster Kubernetes environments.
-Tags can represent various attributes such as:
-
-- Environment (production, staging, development)
-- Geographic region (us-east, eu-west, asia-pacific)
-- Business unit (finance, marketing, operations)
-- Client identifier (client-a, client-b)
-- Clusters
-
-```yaml title="tag-based-permission.yaml" file=<rootDir>/modules/mission-control/fixtures/permissions/tag-based-permission.yaml
-
-```
-
-:::info
-Tag-based and agent-based permissions can be combined to create sophisticated access control policies that precisely match organizational requirements and security boundaries.
-:::
+Mission Control often acts as a central hub receiving data from multiple agents deployed across different environments.
+Each agent pushes its own set of resources, including catalogs and topologies, to the central Mission Control instance.
+While all these resources are accessible through a unified UI portal, organizations frequently need to restrict user access to specific agent-sourced data.
diff --git a/modules/canary-checker b/modules/canary-checker
diff --git a/modules/config-db b/modules/config-db
diff --git a/modules/duty b/modules/duty
diff --git a/modules/mission-control b/modules/mission-control
diff --git a/modules/mission-control-chart b/modules/mission-control-chart
diff --git a/modules/mission-control-registry b/modules/mission-control-registry
+2 −2		agent-chart/Chart.yaml
+1 −1		agent-chart/values.yaml
+3 −3		chart/Chart.yaml
+160 −11		chart/crds/mission-control.flanksource.com_views.yaml
+6 −0		chart/templates/rbac.yaml
+1 −1		chart/values.yaml
+512 −0		crd-chart/templates/canary-checker.flanksource.com_Canary.yaml
+3,751 −1,403		crd-chart/templates/configs.flanksource.com_scrapeconfigs.yaml
+449 −0		crd-chart/templates/mission-control.flanksource.com_applications.yaml
+638 −8		crd-chart/templates/mission-control.flanksource.com_playbooks.yaml
+938 −0		crd-chart/templates/mission-control.flanksource.com_views.yaml
+6 −6		.github/workflows/aws-exec.yml
+1 −1		.github/workflows/build.yml
+4 −4		.github/workflows/codeql.yml
+5 −5		.github/workflows/e2e-operator.yml
+8 −8		.github/workflows/gotest.yml
+20 −7		.github/workflows/helm-test.yml
+9 −12		.github/workflows/lint.yml
+42 −45		.github/workflows/release.yml
+4 −4		.github/workflows/scorecard.yml
+8 −8		.github/workflows/test.yml
+83 −0		SECURITY.md
+2 −2		build/full/Dockerfile
+2 −2		build/minimal/Dockerfile
+2 −8		build/slim/Dockerfile
+10 −3		chart/test.sh
+32 −3		checks/junit.go
+11 −0		cmd/root.go
+3 −3		cmd/topology.go
+2 −0		fixtures/k8s/_setup.sh
+3 −2		fixtures/k8s/kubernetes_resource_postgresql_helmrelease.yaml
+2 −2		fixtures/ldap/_setup.yaml
+1 −1		fixtures/minimal/http-crawl_pass.yaml
+251 −233		go.mod
+588 −515		go.sum
+20 −0		osv-scanner.toml
+0 −33		pkg/api/api.go
+0 −35		pkg/api/topology.go
+0 −3		pkg/cache/postgres.go
+7 −4		pkg/echo/server.go
+11 −0		pkg/jobs/canary/canary_jobs.go
+1 −0		pkg/jobs/jobs.go
+1 −1		pkg/topology/component_relationship.go
+0 −52		pkg/topology/query.go
+1 −2		test/Makefile
+8 −0		.github/dependabot.yml
+8 −5		.github/workflows/build-debug.yml
+5 −2		.github/workflows/build.yml
+3 −3		.github/workflows/lint.yml
+42 −39		.github/workflows/release.yml
+4 −4		.github/workflows/scorecard.yml
+22 −22		.github/workflows/test.yml
+1 −0		.gitignore
+22 −0		.trivyignore
+2 −2		Makefile
+82 −0		SECURITY.md
+34 −1		api/v1/common.go
+1 −0		api/v1/interface.go
+4 −0		api/v1/scrapeplugin_types.go
+1 −0		api/v1/types.go
+48 −0		api/v1/zz_generated.deepcopy.go
+1 −1		build/Dockerfile
+866 −0		chart/crds/configs.flanksource.com_scrapeconfigs.yaml
+54 −0		chart/crds/configs.flanksource.com_scrapeplugins.yaml
+2 −0		cmd/operator.go
+36 −0		config/schemas/config_aws.schema.json
+36 −0		config/schemas/config_azure.schema.json
+36 −0		config/schemas/config_azuredevops.schema.json
+36 −0		config/schemas/config_file.schema.json
+36 −0		config/schemas/config_gcp.schema.json
+36 −0		config/schemas/config_githubactions.schema.json
+36 −0		config/schemas/config_http.schema.json
+36 −0		config/schemas/config_kubernetes.schema.json
+36 −0		config/schemas/config_kubernetesfile.schema.json
+36 −0		config/schemas/config_logs.schema.json
+36 −0		config/schemas/config_slack.schema.json
+36 −0		config/schemas/config_sql.schema.json
+36 −0		config/schemas/config_terraform.schema.json
+36 −0		config/schemas/config_trivy.schema.json
+39 −0		config/schemas/scrape_config.schema.json
+4 −3		db/config.go
+8 −0		db/config_scraper.go
+44 −1		db/models/config_item.go
+7 −0		db/scrape_plugin.go
+25 −8		db/update.go
+59 −0		fixtures/plugins/aws-locations.yaml
+0 −0		fixtures/plugins/exclude-info-changes.yaml
+89 −0		fixtures/plugins/k8s.yaml
+0 −0		fixtures/plugins/kubernetes-change-type-mapping.yaml
+279 −267		go.mod
+667 −996		go.sum
+9 −2		jobs/jobs_test.go
+6 −2		jobs/sync_upstream.go
+20 −0		osv-scanner.toml
+2 −0		scrapers/common.go
+18 −4		scrapers/gcp/gcp.go
+7 −1		scrapers/gcp/gcp_test.go
+42 −1		scrapers/kubernetes/hook_argo.go
+39 −22		scrapers/kubernetes/hook_flux.go
+14 −0		scrapers/kubernetes/hooks.go
+66 −29		scrapers/kubernetes/kubernetes.go
+75 −0		scrapers/processors/json.go
+94 −0		scrapers/system/system.go
+2 −1		.github/workflows/release.yml
+2 −1		.github/workflows/stable-release.yml
+2 −1		.github/workflows/test.yml
+2 −1		.gitignore
+1 −1		charts/gcp/Chart.yaml
+23 −0		charts/gcp/templates/_helpers.tpl
+23 −0		charts/gcp/templates/scrape-plugin.yaml
+2 −1		charts/gcp/templates/scraper.yaml
+10 −4		charts/gcp/values.schema.json
+5 −0		charts/gcp/values.yaml
+1 −1		charts/kubernetes-view/Chart.yaml
+210 −83		charts/kubernetes-view/templates/cluster-overview.yaml
+16 −5		charts/kubernetes-view/templates/deployments.yaml
+151 −0		charts/kubernetes-view/templates/namespace.yaml
+135 −0		charts/kubernetes-view/templates/pod.yaml
+63 −17		charts/kubernetes-view/templates/pods.yaml
+12 −0		charts/kubernetes-view/values.schema.json
+10 −0		charts/kubernetes-view/values.yaml
+1 −1		charts/mission-control/Chart.yaml
+167 −0		charts/mission-control/templates/playbooks.yaml
+0 −22		charts/mission-control/templates/scraper.yaml
+129 −0		charts/mission-control/templates/view.yaml
+2 −0		charts/mission-control/values.yaml
+1 −1		charts/playbooks-kubernetes/Chart.yaml
+1 −1		charts/playbooks-kubernetes/templates/update-resource.yaml