Puppet RFC 22: HTTP Authorization Framework

84 views
Skip to first unread message

Eric Sorenson

unread,
Sep 14, 2015, 2:55:15 PM9/14/15
to puppe...@googlegroups.com
Hi, I posted a design doc I wrote around the current state of the Clojure-based auth.conf replacement that Brice wrote as a Puppet RFC. Here's the public google doc link:


Please feel free to read and comment. There have been some good discussions here on puppet-dev earlier so much of it is underway, but it'd be great to have feedback as some of the details have evolved around rule sort order, match parameters, etc.

Eric Sorenson - eric.s...@puppetlabs.com - freenode #puppet: eric0
puppet platform // coffee // techno // bicycles

Eric Sorenson

unread,
Oct 15, 2015, 5:34:27 PM10/15/15
to Puppet Developers
Bumping this thread, prompted by Josh Hoblitt's comment about the PRFC process.

There was some good commentary on the doc, thanks very much for that.

it seems like the main outstanding question is the name of the Puppet module which manages the resources; Reid commented in the doc that it seems "presumptuously generic" to call the defined type `http_authorization::rule`; I kind of disagree but don't have super strong feelings about it and can definitely see the point. Any opinions? I'd like to get that resolved pretty quickly.

Once we resolve this question I'll push the RFC through to "Funded".

--eric

Trevor Vaughan

unread,
Oct 18, 2015, 7:37:14 PM10/18/15
to puppe...@googlegroups.com
Reading the doc again, it seems to be (sort of) already named tk_auth::rule or trapperkeeper_auth::rule.

I'm OK with whatever as long as it's namespaced.

However, given that lots of people probably have a 'puppet' namespace, you might need another one so that you don't conflict with other people's existing code.

I called mine 'pupmod' since it felt like 'puppet' might be reserved at some time in the future.

Trevor

--
You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-dev+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-dev/3627191a-7d19-485d-92f8-0107de674462%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.



--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699

-- This account not approved for unencrypted proprietary information --

Eric Sorenson

unread,
Oct 18, 2015, 11:23:43 PM10/18/15
to puppe...@googlegroups.com

On Oct 18, 2015, at 4:37 PM, Trevor Vaughan <tvau...@onyxpoint.com> wrote:

Reading the doc again, it seems to be (sort of) already named tk_auth::rule or trapperkeeper_auth::rule.

I'm OK with whatever as long as it's namespaced.

However, given that lots of people probably have a 'puppet' namespace, you might need another one so that you don't conflict with other people's existing code.

I called mine 'pupmod' since it felt like 'puppet' might be reserved at some time in the future.


After the comment thread in the doc last wee, top-line module is now `puppet_authorization` and the defined type to manage rules is `puppet_authorization::rule` so I think we should be clear of namespace conflicts.
Reply all
Reply to author
Forward
0 new messages