Rough-in Almanac namespaces


Rough-in Almanac namespaces

Ref T6741. Ref T10246.

Root problem: to provide Drydock in the cluster, we need to expose Almanac, and doing so would let users accidentally or intentionally create a bunch of repo006.phacility.net devices/services which could conflict with the real ones we manage.

There's currently no way to say "you can't create anything named *.blah.net". This adds "namespaces", which let you do that (well, not yet, but they will after the next diff).

After the next diff, if you try to create repo003.phacility.net, but the namespace phacility.net already exists and you don't have permission to edit it, you'll be asked to choose a different name.

Also various modernizations and some new docs.

Test Plan:

  • Created cool namespaces like this.computer.
  • Almanac namespaces don't actually enforce policies yet.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T6741, T10246

Differential Revision: https://secure.phabricator.com/D15324