Hmm....can we push some of this down into Environments? It would be nice to have different auth.conf's (and the others) per environment so that I don't have to bust out my regex-fu every time.
Thanks, Trevor On Mon, Feb 23, 2015 at 12:22 PM, Henrik Lindberg < [email protected]> wrote: > On 2015-23-02 17:47, Chris Price wrote: > >> On Mon, Feb 23, 2015 at 7:09 AM, Trevor Vaughan <[email protected] >> <mailto:[email protected]>> wrote: >> >> Sorry to derail for the moment but HOCON + JSON + YAML + XML? Sounds >> great...... >> >> >> Totally agree that we have too many formats. That's why we tried to put >> a lot of thought into picking one that we think is robust enough to >> standardize on going forward. :) Also, the current auth.conf format is >> none of the above, so moving it to any of the above would mean 'n - 1' >> formats :) >> >> > Is there an overlap with Node Classifier and RBAC as they also specify > rules? We would want to have a common way to handle rules in different > domains. > > - henrik > > >> On Mon, Feb 23, 2015 at 9:57 AM, Chris Price <[email protected] >> <mailto:[email protected]>> wrote: >> >> On Sun, Feb 22, 2015 at 9:18 PM, Eric Sorenson >> <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> Hi Brice! This project is really cool, thanks for taking it >> on. I have a few comments about requirements and design that >> I hope can save some work and make it easier to include this >> upstream once it's done. >> >> I went back and surveyed redmine, jira, and ask.pl.com >> <http://ask..pl.com> for bugs around auth.conf to see what >> people have run into over the years ( >> https://www.google.com/search?q=site%3Apuppetlabs.com+auth. >> conf&gws_rd=ssl >> <https://www.google.com/search?q=site:puppetlabs.com+ >> auth.conf&gws_rd=ssl> ), >> >> and from those results plus recalling conversations with >> #puppet there seem to be a few general categories that we >> should examine when designing a replacement >> >> First, I don't think you need to try to make it compatible >> with the existing auth.conf format. It'd be good to take the >> opportunity to move to a structured data format that is >> easier to read and write programmatically, >> >> >> It would be cool if we could figure out a way to represent the >> rules in HOCON, since that's the format we're using for pretty >> much all of our new config files going forward. That way, the >> same modules and tooling that we're building up around that data >> format could be used on the auth stuff, and the syntax would >> start to look more consistent and familiar compared to other new >> puppet config files. Since HOCON is basically a superset of >> JSON I'm thinking that maybe the rules could be written as >> basically a big array of maps. It'd be a little more verbose >> than the existing syntax, but I think the tradeoffs might be >> worth it. >> >> (This is presuming, of course, that we don't find some other >> existing model that we like, as Eric suggested.) >> >> >> >> -- >> You received this message because you are subscribed to the >> Google Groups "Puppet Developers" group. >> To unsubscribe from this group and stop receiving emails from >> it, send an email to [email protected] >> <mailto:[email protected]>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-dev/ >> CAMx1QfL9TvgyWJ5__utWk12CQ3y_q0Wk63uJr6efMxoEk4gLeA%40mail.gmail.com >> <https://groups.google.com/d/msgid/puppet-dev/ >> CAMx1QfL9TvgyWJ5__utWk12CQ3y_q0Wk63uJr6efMxoEk4gLeA%40mail. >> gmail.com?utm_medium=email&utm_source=footer>. >> >> For more options, visit https://groups.google.com/d/optout. >> >> >> >> >> -- >> Trevor Vaughan >> Vice President, Onyx Point, Inc >> (410) 541-6699 <tel:%28410%29%20541-6699> >> [email protected] <mailto:[email protected]> >> >> -- This account not approved for unencrypted proprietary information >> -- >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Puppet Developers" group. >> To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected] >> <mailto:[email protected]>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-dev/CANs% >> 2BFoVgeG5fYRqa3xkj9%3DKEQBpwB%2BUv%2BbRJsY0LoPTL8BZQ%3DQ%40mail.gmail.com >> <https://groups.google.com/d/msgid/puppet-dev/CANs% >> 2BFoVgeG5fYRqa3xkj9%3DKEQBpwB%2BUv%2BbRJsY0LoPTL8BZQ%3DQ% >> 40mail.gmail.com?utm_medium=email&utm_source=footer>. >> >> For more options, visit https://groups.google.com/d/optout. >> >> >> -- >> You received this message because you are subscribed to the Google >> Groups "Puppet Developers" group. >> To unsubscribe from this group and stop receiving emails from it, send >> an email to [email protected] >> <mailto:[email protected]>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/puppet-dev/CAMx1QfLpVd2swVDpqvX5Xgtq% >> 3DL7txZTkYKUTHLdOX5vOGUh-4g%40mail.gmail.com >> <https://groups.google.com/d/msgid/puppet-dev/CAMx1QfLpVd2swVDpqvX5Xgtq% >> 3DL7txZTkYKUTHLdOX5vOGUh-4g%40mail.gmail.com?utm_medium= >> email&utm_source=footer>. >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > > Visit my Blog "Puppet on the Edge" > http://puppet-on-the-edge.blogspot.se/ > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/puppet-dev/mcfnl1%247av%241%40ger.gmane.org. > > For more options, visit https://groups.google.com/d/optout. > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 [email protected] -- This account not approved for unencrypted proprietary information -- -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/CANs%2BFoVqMwy9fDBN8dy3%3DQ5ERYBFuQ3BZdvP-b9MgM7crgNAAA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
