From a16fc9a23cc139b7e2e4578fb59c60883fb5da02 Mon Sep 17 00:00:00 2001 From: distix ticketing system Date: Fri, 23 Nov 2018 18:38:10 +0000 Subject: imported mails --- .../cur/.this-dir-not-empty/.empty/empty-file | 0 .../new/.this-dir-not-empty/.empty/empty-file | 0 .../Maildir/new/1542998290.M157125P18147Q1.koom | 137 +++++++++++++++++++++ .../tmp/.this-dir-not-empty/.empty/empty-file | 0 .../7bffecb37eb447d1990f2c220b562b0c/ticket.yaml | 6 + 5 files changed, 143 insertions(+) create mode 100644 tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/cur/.this-dir-not-empty/.empty/empty-file create mode 100644 tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/new/.this-dir-not-empty/.empty/empty-file create mode 100644 tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/new/1542998290.M157125P18147Q1.koom create mode 100644 tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/tmp/.this-dir-not-empty/.empty/empty-file create mode 100644 tickets/7bffecb37eb447d1990f2c220b562b0c/ticket.yaml diff --git a/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/cur/.this-dir-not-empty/.empty/empty-file b/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/cur/.this-dir-not-empty/.empty/empty-file new file mode 100644 index 0000000..e69de29 diff --git a/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/new/.this-dir-not-empty/.empty/empty-file b/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/new/.this-dir-not-empty/.empty/empty-file new file mode 100644 index 0000000..e69de29 diff --git a/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/new/1542998290.M157125P18147Q1.koom b/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/new/1542998290.M157125P18147Q1.koom new file mode 100644 index 0000000..4d10a7f --- /dev/null +++ b/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/new/1542998290.M157125P18147Q1.koom @@ -0,0 +1,137 @@ +Return-Path: +X-Original-To: distix@pieni.net +Delivered-To: distix@pieni.net +Received: from yaffle.pepperfish.net (yaffle.pepperfish.net [88.99.213.221]) + by pieni.net (Postfix) with ESMTPS id 811A9415CE + for ; Fri, 23 Nov 2018 18:37:19 +0000 (UTC) +Received: from platypus.pepperfish.net (unknown [10.112.101.20]) + by yaffle.pepperfish.net (Postfix) with ESMTP id 59D8141310 + for ; Fri, 23 Nov 2018 18:37:19 +0000 (GMT) +Received: from ip6-localhost.nat ([::1] helo=platypus.pepperfish.net) + by platypus.pepperfish.net with esmtp (Exim 4.80 #2 (Debian)) + id 1gQGKN-0003wW-9i; Fri, 23 Nov 2018 18:37:19 +0000 +Received: from koom.pieni.net ([88.99.190.206] helo=pieni.net) + by platypus.pepperfish.net with esmtpsa (Exim 4.80 #2 (Debian)) + id 1gQGKM-0003w6-OH + for ; Fri, 23 Nov 2018 18:37:18 +0000 +Received: from exolobe1.liw.fi (62-78-212-250.bb.dnainternet.fi + [62.78.212.250]) by pieni.net (Postfix) with ESMTPSA id 37EC4415CE + for ; Fri, 23 Nov 2018 18:37:18 +0000 (UTC) +Received: from exolobe1.liw.fi (localhost [127.0.0.1]) + by exolobe1.liw.fi (Postfix) with ESMTPS id 8BE3A11FA95 + for ; Fri, 23 Nov 2018 20:37:17 +0200 (EET) +Date: Fri, 23 Nov 2018 20:37:16 +0200 +From: Lars Wirzenius +To: ick-discuss@ick.liw.fi +Message-ID: <20181123183716.GB5774@exolobe1.liw.fi> +MIME-Version: 1.0 +User-Agent: Mutt/1.10.1 (2018-07-13) +X-Pepperfish-Transaction: ee3b-8a12-5000-8f58 +X-Pepperfish-Transaction-By: platypus +Subject: New Ick component: Muck, for JSON storage +X-BeenThere: ick-discuss@ick.liw.fi +X-Mailman-Version: 2.1.5 +Precedence: list +List-Id: discussions about the ick CI system +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +Content-Type: multipart/mixed; boundary="===============2330713778803060933==" +Mime-version: 1.0 +Sender: ick-discuss-bounces@ick.liw.fi +Errors-To: ick-discuss-bounces@ick.liw.fi + + +--===============2330713778803060933== +Content-Type: multipart/signed; micalg=pgp-sha512; + protocol="application/pgp-signature"; boundary="BwCQnh7xodEAoBMC" +Content-Disposition: inline + + +--BwCQnh7xodEAoBMC +Content-Type: text/plain; charset=us-ascii +Content-Disposition: inline +Content-Transfer-Encoding: quoted-printable + +Hi all. + +One of the problems Ick currently has is that every user can see, and +modify, and delete, any project and any pipeline of any user. To fix +this, Ick needs to assign an owner to each such "resource", and only +allow authorized users to access the resource. + +To begin with, "authorized" will mean "is owned by", but later this +will become more flexible: the owner will be able to specify for +various groups of users what they can do. + +The first step is to introduce the concept of resource ownership. For +this, I intend to add a new component to Ick, which stores structured +data in the form of JSON objects. I've written a proof-of-concept +prototype of this, and it's called Muck. The code is at +. A README has some documentation: +zhttp://git.liw.fi/muck-poc/tree/README>. + +Muck stores JSON objects in memory, but persistently: they get written +to disk and loaded back into memory if the service is restarted. +Access is via a RESTful HTTP API, with authorization handled by signed +JWT access token provided by Qvisqve. In other words, exacly like the +controller and artifact store. + +Unlike the controller and artifact store, however, each resource is +assigned an owner upon creation. The owner is taken from the "sub" +claim of the access token. For now, only the owner can see, update, or +delete the resource. + +Each resource is assigned a random identifier by Muck. There is a way +to search for resources, based on metadata or resource content. + +Muck exists. I will (slowly) start converting the controller and other +components, and API users, to use it. Once that is done, mortal +enemies will be able to share an Ick instance without having to fear +each other. + +Thoughts? + +--=20 +I want to build worthwhile things that might last. --joeyh + +--BwCQnh7xodEAoBMC +Content-Type: application/pgp-signature; name="signature.asc" + +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEETNTnrewG6wEE1EJ3bC+mFux6IDEFAlv4SNsACgkQbC+mFux6 +IDFaig/+I5IMJgdEEjMxtCoy/+v9rHGKSTbSZKdTSSvl6U6D6+1eOpDyvJDd5aUK +o83jhQk7rLxndZ76gKw4ADiuBNh+mLCg9evfJ/Y9FtYitbZu5rKiakuHabl+H7cT +PmOq4sVmHyZgbME00pr0Lyup70KoVZAsNFrx9uPuJ7KCED2wkXf71hgi5KuYjXvI +JktUSoclZsil//th/0nkCDcPYy0W1imGcRndGxZb7sFMDihYXSGV6rccp6Q59xCB +bmRFAGM6sKXRAr6WV33Hy3broWl6ZvarA9biotmgj+Nm/OZXH1KFoJv8MXrbF8Wy +uy1SHNGUiifdamZ7+brqGnS36kNXuoTJF0GYn4pZJ0djtVoSeWOFt6SiYwRLvmnl +h2dLmaeumabMizE08CIRNXRunwd9cF7gd0taq5W2aHRs4PpNCdJOE1n7K3ZWlcjo +TGDMYVzIWY0Sbm4v63sx+Ao7NgO8WCTAptosKlWK20gpW0DWPZtkuteFu+SMIXCh +Xh8PvyVVFdQSkH2dR64mF3CWf2m2a7u2vPeRMRvKOkzy376m8x6T5yQu7fUioQhD +hNQ9HPmYcd2qmh/KSg8rtlHc5asLzIPSN5/fSlXZbMBU2LU5v3yPMZj43+0rOZYc +oYVashz3X+OJB2c2W6iChRY6VGHRNgYiSj17W5hJduYAiUytM7c= +=hHvB +-----END PGP SIGNATURE----- + +--BwCQnh7xodEAoBMC-- + + +--===============2330713778803060933== +Content-Type: text/plain; charset="us-ascii" +MIME-Version: 1.0 +Content-Transfer-Encoding: 7bit +Content-Disposition: inline + +_______________________________________________ +ick-discuss mailing list +ick-discuss@ick.liw.fi +https://listmaster.pepperfish.net/cgi-bin/mailman/listinfo/ick-discuss-ick.liw.fi + +--===============2330713778803060933==-- + diff --git a/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/tmp/.this-dir-not-empty/.empty/empty-file b/tickets/7bffecb37eb447d1990f2c220b562b0c/Maildir/tmp/.this-dir-not-empty/.empty/empty-file new file mode 100644 index 0000000..e69de29 diff --git a/tickets/7bffecb37eb447d1990f2c220b562b0c/ticket.yaml b/tickets/7bffecb37eb447d1990f2c220b562b0c/ticket.yaml new file mode 100644 index 0000000..16a7bcf --- /dev/null +++ b/tickets/7bffecb37eb447d1990f2c220b562b0c/ticket.yaml @@ -0,0 +1,6 @@ +status: +- open +ticket-id: +- 7bffecb37eb447d1990f2c220b562b0c +title: +- 'New Ick component: Muck, for JSON storage' -- cgit v1.2.1