On Tue, Aug 02, 2011 at 09:07:03AM -0400, John R. Dunning wrote:
From: "Hugh Brock" hbrock@redhat.com Date: Mon, 1 Aug 2011 16:45:32 -0400
[...]
You're right, Conductor should be the only path to the Warehouse I think. The Factory is ultimately just a library, so I'm not sure it necessarily needs access control unless it is going to write something to the Warehouse, in which case I think that has to go through Conductor.
I think that's fine for short term. Recall, however, that there have been numerous use cases kicked around for factory working with warehouse completely separate from conductor. Morgan's RHUI being a prime example, also things which some of the platform guys have talked about. That reasoning is part of why it was architected the way it was.
That said, there's no compelling reason why the way factory stores images, when used in concert with conductor, is via an api back into conductor. I'm mostly advocating keeping in mind that that's likely not the only use case.
I have no issues with this. We will need to decide if, in the case where factory + warehouse operate independently from Conductor, they still need to be part of the shared identity infrastructure with Katello and Conductor. If that turns out to be the case then the Warehouse is going to need to grow some kind of authentication and authorization capability. But I don't believe we need to decide that or worry about that now, do you?
--H