Restrict platform choice of workspaces
complete
Felix
We want to restrict access to platforms to workspaces upon creation of workspaces by the cloud onboarding portal.
Right now there are two options:
- Setting up the platform as private and adding workspaces to a list. Downside: The restrictions can't be updated via API. So customers would have to wait until someone manually adds them to the list, which defeats the purpose of meshStack.
- Using tags and policies: I have a tag "allowedPlatforms" on workspace level and a tag "platform" on Landing Zone level. Downside: Customers have to enter a platform tag (which they already provided on workspace level) again on project level because policies between workspace and landing zones are not supported. This again defeats the purpose of meshStack as an integrated platform that knows your context already.
Solution patterns:
- https://meshcloud.canny.io/feature-requests/p/meshplatform-configuration-via-api
- "Inheriting" tag values from workspace to project level
- Directly create policies between Workspaces and Landing Zones
Jelle den Burger
complete
Great news! We now support this by the ability to define a policy between Workspace & Landing Zones.