platform: read ownership labels under agents.nanohype.dev/* with legacy fallback#33
Merged
Conversation
…cy fallback The eks-agent-platform operator migrated its k8s labels from eks-agent-platform/* to the resource-tagging standard's agents.nanohype.dev/* prefix. The platform audit reads those ownership labels off each tenant namespace (platform / tenant / persona) to flag conformance gaps — so it now reads the canonical agents.nanohype.dev/* keys, falling back to the legacy eks-agent-platform/* keys so the audit is correct against both a migrated and a not-yet-migrated cluster. The check is now an ordered slice (deterministic finding output) keyed on the canonical label; the remediation text points at agents.nanohype.dev. Adds a test asserting a namespace carrying only the legacy labels stays conformant. Verified: task build + go vet + gofmt clean; go test ./internal/platform green; internal/platform coverage 83.2% (floor 80%).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Companion to eks-agent-platform#43. The operator migrated its k8s labels
eks-agent-platform/*→agents.nanohype.dev/*. cloudgov's platform audit reads those ownership labels (platform/tenant/persona) off each tenant namespace to flag conformance gaps — it's a reader, not a selector, so it degrades gracefully, but it'd emit false "label missing" findings until updated.Now it reads the canonical
agents.nanohype.dev/*keys with a fallback to the legacyeks-agent-platform/*keys, so the audit is correct against both a migrated and a not-yet-migrated cluster. The check became an ordered slice (deterministic output) and the remediation text points at the new prefix. Added a test asserting a legacy-labeled namespace stays conformant.Verified:
task build+go vet+ gofmt clean ·go test ./internal/platformgreen · coverage 83.2% (floor 80%).