Re: [Puppet Users] Role-based access in Dashboard

2011-03-07 Thread Dave Augustus
On 03/07/2011 06:19 PM, Randall Hansen wrote: On Mar 7, 2011, at 3:39 PM, John Warburton wrote: Everything everyone else has said plus audit logging of actions taken by the user, and ways to report on that (even a "last x changes" on the node view) Yes, absolutely. RBAC is incomplete without

Re: [Puppet Users] Role-based access in Dashboard

2011-03-07 Thread Randall Hansen
On Mar 7, 2011, at 3:39 PM, John Warburton wrote: > Everything everyone else has said plus audit logging of actions taken by the > user, and ways to report on that (even a "last x changes" on the node view) Yes, absolutely. RBAC is incomplete without good auditing. r -- You received this me

Re: [Puppet Users] Role-based access in Dashboard

2011-03-07 Thread John Warburton
On 3 March 2011 06:02, Randall Hansen wrote: > Role-based access will be one of the next big features in Dashboard. If > this is something that would help you, will you tell me the minimum features > that you would consider useful? That is, the features without which RBAC > would be useless to

Re: [Puppet Users] Role-based access in Dashboard

2011-03-07 Thread Denmat
Hi Randal, I think that about covers my thoughts too. The idea being I already have a qa-team group in ldap populated with some QA staff members. I would want then to have 'view' access to say a web host group which might be a dashboard or ldap group of nodes. DBA ldap group would access the

Re: [Puppet Users] Role-based access in Dashboard

2011-03-04 Thread Randall Hansen
Denmat wrote: Very high level but I would like to see the following: • to be able to create roles such as viewer, editor, administrator • these roles be ldap groups Den, will you tell me more about roles being LDAP groups? To my perception that could mean: * Manually creating a role in Das

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-03 Thread Randall Hansen
On Mar 3, 2011, at 1:40 PM, Brian Gupta wrote: >> Absolutely. I'll keep your name on my list, and we'll make our plans in >> public. > > Any sense on a timeframe? Not at all. I don't like that answer either, but it's the only truth we have. We'll have a better idea when our roadmap for Dash

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-03 Thread James Turnbull
Brian Gupta wrote: > We'll definitely check it out. I'm wondering right now whose version we > should start testing, and where we install it? Also does it interface > directly with dashboard, or is everything proxied through the puppetmaster? > Brian Use Luke's (lak). It's largely a CLI for inter

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-03 Thread James Turnbull
Brian Gupta wrote: > > Yes it will also make it possible to integrate with Ubuntu's cloud-init > framework, which has quickly become the standard for cloud-based > post-spinup node customization and configuration, with CentOS and other > distro support included. Amazon has even adopted it now. Tha

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-03 Thread Brian Gupta
On Thu, Mar 3, 2011 at 4:25 PM, James Turnbull wrote: > Brian Gupta wrote: > > We find it frequently useful to be able to set variables from within > > puppet to communicate information from one module or class to another, > > or to save state across puppet runs. It also makes cloud management a

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-03 Thread Brian Gupta
On Thu, Mar 3, 2011 at 12:27 PM, Randall Hansen wrote: > On Mar 3, 2011, at 9:20 AM, Brian Gupta wrote: > > > Also, going forward, it would be very helpful for the API to be an equal > citizen of the GUI. > > I agree, Brian. While we plan to improve Dashboard's GUI for those who > want it, it's o

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-03 Thread James Turnbull
Brian Gupta wrote: > We find it frequently useful to be able to set variables from within > puppet to communicate information from one module or class to another, > or to save state across puppet runs. It also makes cloud management and > bootstrapping easier to be able to specify classes/variable

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-03 Thread Randall Hansen
On Mar 3, 2011, at 9:20 AM, Brian Gupta wrote: > Also, going forward, it would be very helpful for the API to be an equal > citizen of the GUI. I agree, Brian. While we plan to improve Dashboard's GUI for those who want it, it's often hard to beat a CLI for efficiency and repeatability. > Ple

Re: [Puppet Users] Role-based access in Dashboard

2011-03-03 Thread James Bailey
On 2 March 2011 23:59, Trevor Vaughan wrote: > Beyond what Den pointed out, I would like to see either native (or > good instructions) support for authenticating with X.509 PKI > certificates. > > You would need to be able to specify: > > - The trusted CA chains > - The CRL/OCSP/SCVP connections >

Re: Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-03 Thread Brian Gupta
We find it frequently useful to be able to set variables from within puppet to communicate information from one module or class to another, or to save state across puppet runs. It also makes cloud management and bootstrapping easier to be able to specify classes/variables from a command line scrip

Re: [Puppet Users] Role-based access in Dashboard

2011-03-03 Thread Owen Smith
Agreed on keeping auth and auth separately pluggable concerns. RADIUS and LDAP are also what I would like for authentication. We'd probably be OK with even an internal authorization system, since that's what our other management apps use. -- O On Mar 2, 2011, at 5:01 PM, Frank Sweetser wrote:

Re: [Puppet Users] Role-based access in Dashboard

2011-03-02 Thread Frank Sweetser
On 3/2/2011 7:42 PM, Randall Hansen wrote: On Mar 2, 2011, at 3:51 PM, Frank Sweetser wrote: In this scenario, it would be far more useful to simply use LDAP to verify usernames and passwords, and then consult internal records to assign a list of roles. This is a great use case, Frank. What

Re: [Puppet Users] Role-based access in Dashboard

2011-03-02 Thread Randall Hansen
On Mar 2, 2011, at 3:51 PM, Frank Sweetser wrote: > In this scenario, it would be far more useful to simply use LDAP to verify > usernames and passwords, and then consult internal records to assign a list > of roles. This is a great use case, Frank. What do you mean by "internal records" in t

Dashboard "write" API (was Re: [Puppet Users] Role-based access in Dashboard)

2011-03-02 Thread James Turnbull
Brian Gupta wrote: > Randall, sorry for the offtopic response, but our team needs a "write" > API before RBAC. Without it Dashboard is a non-starter in our shop. Brian Can you articulate what you'd like to see from this API whilst we're here and I'll capture it in a ticket. Thanks James -- Ja

Re: [Puppet Users] Role-based access in Dashboard

2011-03-02 Thread Brian Gupta
Randall, sorry for the offtopic response, but our team needs a "write" API before RBAC. Without it Dashboard is a non-starter in our shop. As for your RBAC question, I envision a time when, through dashboard, you will be able to handle complex provisioning workflows, being able to give people exec

Re: [Puppet Users] Role-based access in Dashboard

2011-03-02 Thread Trevor Vaughan
Beyond what Den pointed out, I would like to see either native (or good instructions) support for authenticating with X.509 PKI certificates. You would need to be able to specify: - The trusted CA chains - The CRL/OCSP/SCVP connections - What attribute/regex contains the username of the user - An

Re: [Puppet Users] Role-based access in Dashboard

2011-03-02 Thread Frank Sweetser
On 3/2/2011 2:02 PM, Randall Hansen wrote: Good people ~ Role-based access will be one of the next big features in Dashboard. If this is something that would help you, will you tell me the minimum features that you would consider useful? That is, the features without which RBAC would be useles

Re: [Puppet Users] Role-based access in Dashboard

2011-03-02 Thread Denmat
Hi Randal, Very high level but I would like to see the following: • to be able to create roles such as viewer, editor, administrator • these roles be ldap groups • to be able to class or group hosts and assign them to a group of admins to watch - while excluding their ability to see certain hosts. •

[Puppet Users] Role-based access in Dashboard

2011-03-02 Thread Randall Hansen
Good people ~ Role-based access will be one of the next big features in Dashboard. If this is something that would help you, will you tell me the minimum features that you would consider useful? That is, the features without which RBAC would be useless to you. I'm sure there'll be disagreeme