-
Notifications
You must be signed in to change notification settings - Fork 91
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: declarative cache configuration. #169
Comments
Scripting the initialization, authentication, and cache creation steps feels like an intuitive workflow at the moment, despite the imperative nature of it. This feature could introduce security concerns. If a bad actor gains access to the server, declares a poisonous caches without clients knowing it could be a big problem. Figuring out a logging solution to create an audit trail to ensure we know who made the caches and when may be a big piece of this. |
How would a declarative configuration be any different (or worse) in security posture than a home rolled, scripted solution? Edit: Typo. |
@vonjackets Also if its only deployed through a cicd pipeline I can also see who made the change in git so we get some sort of audit trail by git logs, extra powerful if we can just check for intruders by checking if we drift. |
|
@vonjackets I outlined a solution when I opened this feature request, I would guess the database holds the state and the config would check against the database what needs to change. I dont have any code as Im not familiar with rust. |
Hello,
Would be nice if the attic server config would have options for caches and their settings so its not a manual process to create them.
Example
The global declarative option dictates if caches without a corresponding config section should be deleted.
The text was updated successfully, but these errors were encountered: