docs: random bits (#93)

* docs: multi-tenancy Signed-off-by: Michael Crenshaw <[email protected]> * fine point Signed-off-by: Michael Crenshaw <[email protected]> * typo Signed-off-by: Michael Crenshaw <[email protected]> * docs: random bits Signed-off-by: Michael Crenshaw <[email protected]> --------- Signed-off-by: Michael Crenshaw <[email protected]>
argoproj-labs · Nov 5, 2024 · 1b42290 · 1b42290
1 parent 13ed2ac
commit 1b42290
Show file tree

Hide file tree

Showing 8 changed files with 17 additions and 21 deletions.
diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml
@@ -1,4 +1,3 @@
-## Append samples of your project ##
 resources:
 - promoter_v1alpha1_pullrequest.yaml
 - promoter_v1alpha1_commitstatus.yaml

diff --git a/config/samples/promoter_v1alpha1_changetransferpolicy.yaml b/config/samples/promoter_v1alpha1_changetransferpolicy.yaml
@@ -10,5 +10,7 @@ spec:
     name: promoter-testing
   proposedBranch: environment/development-next
   activeBranch: environment/development
-  commitStatuses:
+  proposedCommitStatuses:
+    - key: deployment-freeze
+  activeCommitStatuses:
     - key: healthy
diff --git a/config/samples/promoter_v1alpha1_commitstatus.yaml b/config/samples/promoter_v1alpha1_commitstatus.yaml
@@ -8,12 +8,9 @@ metadata:
   name: commitstatus-sample
 spec:
     sha: 68522faaf5591f98c7a89dd74069e79195e4d6c6
-    repository:
-      owner: zachaller
-      name: promoter-testing
-      gitRepositoryRef:
-          name: scmprovider-sample
+    gitRepositoryRef:
+        name: scmprovider-sample
     phase: pending
     name: health
     description: "The build succeeded!"
-    url: "https://google.com"
+    url: "https://example.com"
diff --git a/config/samples/promoter_v1alpha1_gitrepository.yaml b/config/samples/promoter_v1alpha1_gitrepository.yaml
@@ -6,4 +6,7 @@ metadata:
     app.kubernetes.io/managed-by: kustomize
   name: gitrepository-sample
 spec:
-  # TODO(user): Add fields here
+  repo:
+  owner:
+  scmProviderRef:
+    name: example-scm-provider
diff --git a/config/samples/promoter_v1alpha1_promotionstrategy.yaml b/config/samples/promoter_v1alpha1_promotionstrategy.yaml
@@ -8,7 +8,6 @@ metadata:
 spec:
   gitRepositoryRef:
     name: promoter-testing
-  dryBranch: main
   activeCommitStatuses:
     - key: healthy
     - key: healthy-load

diff --git a/docs/multi-tenancy.md b/docs/multi-tenancy.md
@@ -15,9 +15,10 @@ To enable self-service PromotionStrategy management for multiple tenants, a GitO
 tenant write access to a namespace to manage these resources. As long as the GitOps Promoter controller has access to 
 those namespaces, it will reconcile the resources. 
 
-PromotionStrategies, GitRepositories, and ScmProviders may only reference resources in the same namespace. This prevents
-one tenant from referencing a Secret in another tenant's namespace and gaining write access to another tenant's 
-repositories.
+Secrets with SCM credentials may only be referenced by ScmProviders in the same namespace, which in turn may only be
+referenced by GitRepositories in the same namespace, which may only be referenced by PromotionStrategies in the same
+namespace. Limiting these references to a namespace prevents one tenant from referencing a Secret in another tenant's 
+namespace and thereby gaining write access to another tenant's repositories.
 
 **Important**: Provision Secrets securely!
 
@@ -28,6 +29,9 @@ If an administrator does not want to use namespace-based tenancy, they must eith
 resources themselves or build some other system to regulate Secret access among tenants (for example, by validating
 that one tenant's resources do not reference another tenant's resources within the same namespace).
 
+If there are no trust boundaries to be enforced among PromotionStrategy users, a GitOps Promoter admin may choose to 
+host all resources in a single namespace, keeping in mind the need to avoid resource name collisions.
+
 ## CommitStatus Tenancy
 
 As with PromotionStrategies, all references from CommitStatuses (to GitRepositories, then ScmProviders, and finally to

diff --git a/internal/controller/promotionstrategy_controller.go b/internal/controller/promotionstrategy_controller.go
@@ -61,10 +61,6 @@ type PromotionStrategyReconciler struct {
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the PromotionStrategy object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
 //
 // For more details, check Reconcile and its Result here:
 // - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile

diff --git a/internal/controller/pullrequest_controller.go b/internal/controller/pullrequest_controller.go
@@ -52,10 +52,6 @@ type PullRequestReconciler struct {
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.
-// TODO(user): Modify the Reconcile function to compare the state specified by
-// the PullRequest object against the actual cluster state, and then
-// perform operations to make the cluster state reflect the state specified by
-// the user.
 //
 // For more details, check Reconcile and its Result here:
 // - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/reconcile