One thing that I haven’t found chatting around is a consolidated and recommended approach on how to keep track of namespaces.
The creation of a namespace is regulated via the gRPC API, which is leveraged by the Temporal client and Temporal SDKs.
What I would like to achieve is, for instance, an infrastructure-as-code approach where we keep track of namespaces and their properties under VCS and regulate access to the cluster.
Naturally, due to the age of the Temporal project, there aren’t many solutions that wrap its API, but I would like to ask beforehand whether the Temporal people recommend any way to handle namespaces.
You could restrict access to certain client APIs via authorization, which you could customize.
Doc for authorizer and claims mapper.
Temporal has a default claims mapper based on JWT.
Here is the relevant config. You can set both values to “default” to configure the default authorizer and claims mapper. If you define your own, I believe you would need to rebuild the server image.
Thanks, Tihomir, for the recommendation. However, you are referring to authz/authn for a namespace. I’m asking how to keep track of and manage the lifecycle of a namespace. Not sure the things are correlated.