security(PS-1634): remove T-Mobile customer name references from work…#97
brathina-spectro wants to merge 2 commits into
Pull request overview
Removes hardcoded customer-identifying T‑Mobile label references from Terraform and namespace-labeler job configs to address PS-1634 (customer attribution exposure).
Changes:
- Removed commented/inline `k8s.t-mobile.com/*` labels from the vSphere cluster module (Terraform).
- Removed `k8s.t-mobile.com/*` namespace labels from namespace-labeler Job manifests across live/staging and airgap variants.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| discovery/modules/tke-cluster/cluster.tf | Removes hardcoded k8s.t-mobile.com/* worker/master pool labels. |
| discovery/config/namespace-labeler.yaml | Removes k8s.t-mobile.com/* label entries from the namespace labeler. |
| discovery/config-stg/namespace-labeler.yaml | Same removal for staging. |
| discovery-airgap/config/namespace-labeler.yaml | Same removal for airgap. |
| discovery-airgap/config-stg/namespace-labeler.yaml | Same removal for airgap staging. |
…labeler jobs

Addresses Copilot review feedback on PR #97. When labels_arr is empty (after removing customer-specific labels), the Job would still run as a privileged no-op with wildcard RBAC on namespaces. Adding an early-exit prevents unnecessary execution of the privileged components.

Affected files:
- discovery/config/namespace-labeler.yaml
- discovery/config-stg/namespace-labeler.yaml
- discovery-airgap/config/namespace-labeler.yaml
- discovery-airgap/config-stg/namespace-labeler.yaml

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.
@brathina-spectro, the following files, which contain T-Mobile references, are not included in this PR. Please do check.
- discovery-maas/main.tf
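A check for references that a cleanup like this one missed, as an added example that is not part of this PR or the project's code: it walks the working tree and reports every line, commented-out ones included, that mentions the customer name. The suffix list, skip list and sample file contents are assumptions constructed for the illustration, and git history is not examined.

```python
import os
import re
import tempfile

# Pattern derived from the page: the k8s.t-mobile.com/* label domain and the
# customer name itself, matched case-insensitively ("T-mobile", "T-Mobile").
CUSTOMER_REF = re.compile(r"t[-_]?mobile", re.IGNORECASE)
# Assumption: the file types worth scanning in a Terraform/Kubernetes repo.
SCAN_SUFFIXES = (".tf", ".tfvars", ".yaml", ".yml", ".json", ".sh", ".md")
# Working tree only: repository metadata and provider caches are skipped.
SKIP_DIRS = {".git", ".terraform"}

def find_customer_refs(root):
    """Return sorted (relative_path, line_number, line) for every match,
    including matches inside commented-out lines."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune in place so os.walk does not descend into skipped directories.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if not name.endswith(SCAN_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, start=1):
                    if CUSTOMER_REF.search(line):
                        findings.append((rel, lineno, line.strip()))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample tree: two cleaned files and one missed file."""
    files = {
        "discovery/modules/tke-cluster/cluster.tf": 'labels = {\n  "pool" = "worker"\n}\n',
        "discovery/config/namespace-labeler.yaml": "labels: []\n",
        # Constructed content; the page only says this file still has references.
        "discovery-maas/main.tf": '# "k8s.t-mobile.com/example" = "value"\nname = "maas"\n',
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, lineno, line in find_customer_refs(tmp):
            print(f"{rel}:{lineno}: {line}")
```

Run as a CI step, a non-empty result from `find_customer_refs` on the repository root would fail the build until the remaining files are cleaned.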
…ing tree

Removes all hardcoded T-Mobile references from live configuration files as required by PS-1634 (bug bounty report - customer attribution exposure).

Files remediated:
- discovery/modules/tke-cluster/cluster.tf
- discovery/config/namespace-labeler.yaml
- discovery/config-stg/namespace-labeler.yaml
- discovery-airgap/config/namespace-labeler.yaml
- discovery-airgap/config-stg/namespace-labeler.yaml

Git history purge (all branches) to follow as a separate step.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
c1436dc to ae731bc