Hmm....can we push some of this down into Environments? It would be nice to have different auth.conf's (and the others) per environment so that I don't have to bust out my regex-fu every time.
Thanks, Trevor On Mon, Feb 23, 2015 at 12:22 PM, Henrik Lindberg < henrik.lindb...@cloudsmith.com> wrote: > On 2015-23-02 17:47, Chris Price wrote: > >> On Mon, Feb 23, 2015 at 7:09 AM, Trevor Vaughan <tvaug...@onyxpoint.com >> <mailto:tvaug...@onyxpoint.com>> wrote: >> >> Sorry to derail for the moment but HOCON + JSON + YAML + XML? Sounds >> great...... >> >> >> Totally agree that we have too many formats. That's why we tried to put >> a lot of thought into picking one that we think is robust enough to >> standardize on going forward. :) Also, the current auth.conf format is >> none of the above, so moving it to any of the above would mean 'n - 1' >> formats :) >> >> > Is there an overlap with Node Classifier and RBAC as they also specify > rules? We would want to have a common way to handle rules in different > domains. > > - henrik > > >> On Mon, Feb 23, 2015 at 9:57 AM, Chris Price <ch...@puppetlabs..com >> <mailto:ch...@puppetlabs.com>> wrote: >> >> On Sun, Feb 22, 2015 at 9:18 PM, Eric Sorenson >> <eric.soren...@puppetlabs.com >> <mailto:eric.soren...@puppetlabs.com>> wrote: >> >> >> Hi Brice! This project is really cool, thanks for taking it >> on. I have a few comments about requirements and design that >> I hope can save some work and make it easier to include this >> upstream once it's done. >> >> I went back and surveyed redmine, jira, and ask.pl.com >> <http://ask..pl.com> for bugs around auth.conf to see what >> people have run into over the years ( >> https://www.google.com/search?q=site%3Apuppetlabs.com+auth. >> conf&gws_rd=ssl >> <https://www.google.com/search?q=site:puppetlabs.com+ >> auth.conf&gws_rd=ssl> ), >> >> and from those results plus recalling conversations with >> #puppet there seem to be a few general categories that we >> should examine when designing a replacement >> >> First, I don't think you need to try to make it compatible >> with the existing auth.conf format. It'd be good to take the >> opportunity to move to a structured data format that is >> easier to read and write programmatically, >> >> >> It would be cool if we could figure out a way to represent the >> rules in HOCON, since that's the format we're using for pretty >> much all of our new config files going forward. That way, the >> same modules and tooling that we're building up around that data >> format could be used on the auth stuff, and the syntax would >> start to look more consistent and familiar compared to other new >> puppet config files. Since HOCON is basically a superset of >> JSON I'm thinking that maybe the rules could be written as >> basically a big array of maps. It'd be a little more verbose >> than the existing syntax, but I think the tradeoffs might be >> worth it. >> >> (This is presuming, of course, that we don't find some other >> existing model that we like, as Eric suggested.) >> >> >> >> -- >> You received this message because you are subscribed to the >> Google Groups "Puppet Developers" group. >> To unsubscribe from this group and stop receiving emails from >> it, send an email to puppet-dev+unsubscr...@googlegroups.com >> <mailto:puppet-dev+unsubscr...@googlegroups.com>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-dev/ >> CAMx1QfL9TvgyWJ5__utWk12CQ3y_q0Wk63uJr6efMxoEk4gLeA%40mail.gmail.com >> <https://groups.google.com/d/msgid/puppet-dev/ >> CAMx1QfL9TvgyWJ5__utWk12CQ3y_q0Wk63uJr6efMxoEk4gLeA%40mail. >> gmail.com?utm_medium=email&utm_source=footer>. >> >> For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> -- >> Trevor Vaughan >> Vice President, Onyx Point, Inc >> (410) 541-6699 <tel:%28410%29%20541-6699> >> tvaug...@onyxpoint.com <mailto:tvaug...@onyxpoint.com> >> >> -- This account not approved for unencrypted proprietary information >> -- >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Puppet Developers" group. >> To unsubscribe from this group and stop receiving emails from it, >> send an email to puppet-dev+unsubscr...@googlegroups.com >> <mailto:puppet-dev+unsubscr...@googlegroups.com>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-dev/CANs% >> 2BFoVgeG5fYRqa3xkj9%3DKEQBpwB%2BUv%2BbRJsY0LoPTL8BZQ%3DQ%40mail.gmail.com >> <https://groups.google.com/d/msgid/puppet-dev/CANs% >> 2BFoVgeG5fYRqa3xkj9%3DKEQBpwB%2BUv%2BbRJsY0LoPTL8BZQ%3DQ% >> 40mail.gmail.com?utm_medium=email&utm_source=footer>. >> >> For more options, visit https://groups.google.com/d/optout. >> >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Puppet Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send >> an email to puppet-dev+unsubscr...@googlegroups.com >> <mailto:puppet-dev+unsubscr...@googlegroups.com>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-dev/CAMx1QfLpVd2swVDpqvX5Xgtq% >> 3DL7txZTkYKUTHLdOX5vOGUh-4g%40mail.gmail.com >> <https://groups.google.com/d/msgid/puppet-dev/CAMx1QfLpVd2swVDpqvX5Xgtq% >> 3DL7txZTkYKUTHLdOX5vOGUh-4g%40mail.gmail.com?utm_medium= >> email&utm_source=footer>. >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > > Visit my Blog "Puppet on the Edge" > http://puppet-on-the-edge.blogspot.se/ > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-dev/mcfnl1%247av%241%40ger.gmane.org. > > For more options, visit https://groups.google.com/d/optout. > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 tvaug...@onyxpoint.com -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CANs%2BFoVqMwy9fDBN8dy3%3DQ5ERYBFuQ3BZdvP-b9MgM7crgNAAA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
