Add Management Service and CLI components (design docs)
New components 18-19: ManagementService (Akka.NET actor on Central exposing all admin operations via ClusterClientReceptionist) and CLI (console app using ClusterClient for scripting). Updated HighLevelReqs, CLAUDE.md, README, Component-Host, Component-Communication, Component-Security.
This commit is contained in:
Joseph Doherty
@@ -115,3 +115,4 @@ Central cluster. Sites do not have user-facing interfaces and do not perform ind
|
||||
- **Template Engine**: Design role enforcement.
|
||||
- **Deployment Manager**: Deployment role enforcement with site scoping.
|
||||
- **All central components**: Role checks are a cross-cutting concern applied at the API layer.
|
||||
- **Management Service**: The ManagementActor enforces role-based authorization on every incoming command using the authenticated user identity carried in the message envelope. The CLI authenticates users via the same LDAP bind mechanism and passes the user's identity (username, roles, permitted sites) in every request message. The ManagementActor applies the same role and site-scoping rules as the Central UI — no separate authentication path exists on the server side.
|
||||
|
||||
Reference in New Issue
Block a user