Adds the design spec for `quiltx stack acl`, a new command to declaratively reconcile a Quilt stack's access control (buckets, policies, roles, SSO) from a YAML file.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

…te vs update
- Fix SSO diff to show `+ sso config` (create) vs `~ sso config` (update)
- Add progress output during apply so users see what's happening
- Add --dry-run flag to preview changes without applying
- Add --verbose flag to show policy permissions, role assignments, and SSO config details
- Add auto_login decorator and normalize_catalog_url helper to config
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Running `quiltx stack acl` without a config file now dumps the current server ACL state: buckets, policies with permissions, roles with default marker, and a human-friendly SSO mapping summary. Also fixes permission display to use level names instead of repr.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Summary
- `quiltx stack acl <config.yml>` — declarative reconciliation of Quilt buckets, managed policies, managed roles, and SSO mappings from a single YAML file
- `quiltx stack acl` (no args) dumps the current server ACL state for inspection
- `--dry-run` to preview changes, `--verbose` for detailed diff output, `--yes` to skip confirmation
- `auto_login` decorator for automatic session refresh on auth failure
- `AclConfig`, `AclDiff`, `CurrentState`, `compute_diff`, `apply_acl`, etc. exported from `quiltx`
- `pyyaml`; bumped `quilt3>=7.3.0` for admin policies API

Files changed
- `quiltx/acl.py` — core ACL parsing, diffing, and apply logic (new)
- `quiltx/tools/stack/acl.py` — CLI subcommand (new)
- `quiltx/__init__.py` — export ACL public API
- `quiltx/config.py` — `auto_login`, `normalize_catalog_url`
- `tests/test_acl.py` — comprehensive ACL unit tests (new)
- `tests/test_init.py` — init export tests (new)
- `spec/060-stack-acl/` — plan and demo YAML

Test plan
- `./poe test` passes
- `./poe lint-check` passes
- `quiltx stack acl` shows current state
- `quiltx stack acl demo.yml --dry-run --verbose` previews changes
- `quiltx stack acl demo.yml --yes` applies changes

🤖 Generated with Claude Code