Re: A New Packaging Approach - CLI Tools Pushing Apps and the Story about the #loggregator “space drain” experiment #loggregator
It is an interesting idea/concept.
I'd say the auth model is a significant Con and a potentially large hurdle. I'm assuming the username and password passed with the CLI are then used by the pushed app to continually query the space for new apps and bind the service, correct? I'm interested in seeing what UAA and Perm could come up with to improve this. It seems you'd either need to dynamically generate a service account with developer access to the space, or figure out some way to give apps running in a space the ability to create a token to do management operations in the space they exist in. Neither seems very simple.
Another Con would be lack of operator control over upgrading such a feature. If new versions of this app are released, end users would need to know to run the command again to upgrade it. Might be tricky as CC APIs evolve and such. Anything that the user doesn't feel like they have ownership over, I as the operator would like to be able to upgrade for them. A CLI plugin pushed app sits in the middle somewhere.
It seems to me a simpler approach to the original problem of sending all logs for apps in a space to a drain could be solved with a service broker. This broker would need CF_ADMIN client credentials but could simply scan all spaces for instances of itself, then bind itself to all apps in spaces where it finds itself. As a broker, it could be upgraded by the operators and would provide fewer permission complexities.
On Mon, Mar 19, 2018 at 4:17 PM, Adam Hevenor <ahevenor@...> wrote: