Code review comment for lp:~hazmat/pyjuju/states-with-principals
Revision history for this message
| Kapil Thangavelu (hazmat) wrote | # |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
On Wed, Apr 4, 2012 at 10:32 AM, <email address hidden> wrote:
> As we discussed before, this looks like a pretty significant change for
> that point in time.
>
> Either way, if you want to go with it, we need a written down
> description of what is going on here in terms of changes to the public
> interfaces, as usual.
>
> https:/
It seems to be the number one concern regarding the failed MIR.
The implementation here is per the security spec discussed last fall,
incorporating feedback from the initial reviews. The spec is out of date
(uses ensemble instead of juju), and per feedback the OTP agent was dropped
for interceptable OTP tokens.
There aren't any public interface changes, just the imposition of ACLs onto
existing nodes.
I can update the spec and send it around to the list if you'd like.. but as
is, the components can effectively be merged as the default security
policy is permissive, ie no functional delta till the policy is activated.
-k