On Feb 23, 2015, at 9:22 AM, Henrik Lindberg <henrik.lindb...@cloudsmith.com> 
wrote:
> On 2015-23-02 17:47, Chris Price wrote:
>> Totally agree that we have too many formats.  That's why we tried to put
>> a lot of thought into picking one that we think is robust enough to
>> standardize on going forward.  :)  Also, the current auth.conf format is
>> none of the above, so moving it to any of the above would mean 'n - 1'
>> formats :)
> Is there an overlap with Node Classifier and RBAC as they also specify rules? 
> We would want to have a common way to handle rules in different domains.

Do you mean the rules that these services themselves model? (Like mapping 
objects to permission levels in RBAC) Because that is a very different data 
model that I wouldn't expect to render in a config file format at all.

On the other hand these services _should_ be able to use the auth.conf 
replacement to control access their HTTP endpoints, though. Right now all the 
clj services just have simplistic certificate whitelists.


Eric Sorenson - eric.soren...@puppetlabs.com - freenode #puppet: eric0
puppet platform // coffee // techno // bicycles

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-dev+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-dev/7685A807-C0C7-4C49-9035-3EE9BE191227%40puppetlabs.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to