Page MenuHomePhabricator

Apply namespace locking rules in Almanac
ClosedPublic

Authored by epriestley on Feb 21 2016, 10:43 PM.
Tags
None
Referenced Files
F13087097: D15325.diff
Thu, Apr 25, 12:51 AM
Unknown Object (File)
Fri, Apr 19, 4:14 PM
Unknown Object (File)
Thu, Apr 18, 3:23 PM
Unknown Object (File)
Sun, Apr 7, 2:27 PM
Unknown Object (File)
Sat, Apr 6, 11:40 AM
Unknown Object (File)
Sat, Apr 6, 9:14 AM
Unknown Object (File)
Sun, Mar 31, 10:36 PM
Unknown Object (File)
Sun, Mar 31, 3:16 PM
Subscribers
None

Details

Summary

Ref T10246. Ref T6741.

When you have a namespace like "phacility.net", require users creating services and devices within it to have edit permission on the namespace.

This primarily allows us to lock down future device names in the cluster, so instances can't break themselves once they get access to Almanac.

Test Plan
  • Configured a phacility.net namespace, locked myself out of it.
  • Could not create new stuff.phacility.net services/devices.
  • Could still edit existing devices I had permission for.
  • Configured a free.phacility.net namespace with more liberal policies.
  • Could create me.free.phacility.net.
  • Still could not create other.phacility.net.

Diff Detail

Repository
rP Phabricator
Branch
almanac6
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 10798
Build 13298: Run Core Tests
Build 13297: arc lint + arc unit

Event Timeline

epriestley retitled this revision from to Apply namespace locking rules in Almanac.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
  • Slightly clearer documentation.
chad edited edge metadata.
This revision is now accepted and ready to land.Feb 22 2016, 6:47 AM
This revision was automatically updated to reflect the committed changes.