Code review comment for lp:~joetalbott/uci-engine/add_v2_skeleton

Revision history for this message
Celso Providelo (cprov) wrote :

I think we should land a custom authorization class to explicitly support:

 1. *local* access for components inside the same deployment, established via juju-relation (think Lander or GK)
 2. *internal* access for components outside the deployment but inside the DC with the appropriate fw rules, established via juju-config (think ci-train jenkins or any other crack-of-the-day subsystem)

External access, coming via webui-apache proxy (host preserved) would be submitted to openid or oauth2 authentication (request.user is setup), at this point, specifically we say 'yes, for now ...' to anonymous request.

Later, when the CLI is able to grab a oauth token and use it, we just patch the custom Authorization class and we are done.

« Back to merge proposal