feat: tenant-scoped environment network names
Environment networks now include the tenant ID to prevent cross-tenant
collisions: cameleer-env-{tenantId}-{envSlug} instead of cameleer-env-
{envSlug}. Without this, two tenants with a "dev" environment would
share the same Docker network.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -64,6 +64,9 @@ public class DeploymentExecutor {
|
||||
@Value("${cameleer.runtime.jar-storage-path:/data/jars}")
|
||||
private String jarStoragePath;
|
||||
|
||||
@Value("${cameleer.tenant.id:default}")
|
||||
private String tenantId;
|
||||
|
||||
public DeploymentExecutor(RuntimeOrchestrator orchestrator,
|
||||
DeploymentService deploymentService,
|
||||
AppService appService,
|
||||
@@ -116,8 +119,8 @@ public class DeploymentExecutor {
|
||||
// Traefik network for routing (apps need to be reachable by Traefik)
|
||||
networkManager.ensureNetwork(DockerNetworkManager.TRAEFIK_NETWORK);
|
||||
additionalNets.add(DockerNetworkManager.TRAEFIK_NETWORK);
|
||||
// Per-environment network for intra-environment service discovery
|
||||
envNet = DockerNetworkManager.envNetworkName(env.slug());
|
||||
// Per-environment network scoped to tenant to prevent cross-tenant collisions
|
||||
envNet = DockerNetworkManager.envNetworkName(tenantId, env.slug());
|
||||
networkManager.ensureNetwork(envNet);
|
||||
additionalNets.add(envNet);
|
||||
}
|
||||
|
||||
@@ -59,4 +59,9 @@ public class DockerNetworkManager {
|
||||
public static String envNetworkName(String envSlug) {
|
||||
return ENV_NETWORK_PREFIX + envSlug;
|
||||
}
|
||||
|
||||
/** Tenant-scoped environment network name to prevent cross-tenant collisions. */
|
||||
public static String envNetworkName(String tenantId, String envSlug) {
|
||||
return ENV_NETWORK_PREFIX + tenantId + "-" + envSlug;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user