stratos-dev mailing list archives

From Lakmal Warusawithana <lak...@wso2.com>
Subject Re: Stratos 4.1.0 User Management and Permission Model
Date Mon, 15 Sep 2014 07:23:30 GMT
On Mon, Sep 15, 2014 at 11:47 AM, Lahiru Sandaruwan <lahirus@wso2.com>
wrote:

> Great progress Lasindu,
>
> Sorry for the late reply.
>
> Subscriber of the cartridges select deployment policies which have min and
> max. As per our manual scaling capability that we will introduce, they
> should be given the chance to change the min and max after deployment, at
> run time.
>
> Shall we let him change those values and change the relevant values in the
> cluster, without changing the actual policy?
>

+1


>
> Maybe we need an entry in permission model for that as well.
>
> Thanks.
>
> On Mon, Sep 15, 2014 at 11:34 AM, Nirmal Fernando <nirmal070125@gmail.com>
> wrote:
>
>> Great work Lasindu!! Will test and give you some feedback.
>>
>> On Mon, Sep 15, 2014 at 10:44 AM, Lasindu Charith <lasindu@wso2.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> The changes are committed in docker_integration branch
>>> https://github.com/apache/stratos/commit/29bf5f164ea6b77a34b876406cc2d3da95231109
>>>
>>> *Created JIRAs*
>>> https://issues.apache.org/jira/browse/STRATOS-799
>>> https://issues.apache.org/jira/browse/STRATOS-800
>>> https://issues.apache.org/jira/browse/STRATOS-801
>>>
>>> Wrote a blog post covering the changes.
>>>
>>> http://blog.lasindu.com/2014/09/apache-stratos-410-user-management-and.html
>>>
>>>
>>> On Sun, Sep 7, 2014 at 3:56 PM, Lasindu Charith <lasindu@wso2.com>
>>> wrote:
>>>
>>>> Attached the permission model for Tenant User.
>>>>
>>>>
>>>> On Sun, Sep 7, 2014 at 3:55 PM, Lasindu Charith <lasindu@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Please find the progress below.
>>>>>
>>>>> Carbon User Management feature was installed in p2-profile gen since
>>>>> we are including user management functionality in Stratos 4.1.0. A user
>>>>> role called 'Tenant-User' will be created with the following permissions.
>>>>> Tenant user can view Autoscaling policies, Cartridge definitions,
>>>>> deployment policies, partition definitions, service definitions,
>>>>> subscriptions in the tenant space while only having the ability to
>>>>> add/remove subscriptions.
>>>>>
>>>>>
>>>>> [image: Inline image 1]
>>>>>
>>>>> stratos.manager, cloud.controller and autoscaler component
>>>>> services/component.xmls were modified to include relevant permissions
>>>>> and AuthorizationActions to call particular service methods. The
>>>>> StratosAdmin REST API methods' @AuthorizationAction was changed to
>>>>> facilitate the above permission model.
>>>>>
>>>>> In the current implementation the stratos UI permissions and REST API
>>>>> permissions are handled separately. UI permissions are predefined for
>>>>> Stratos Admin and Tenant admin separately in the acl.json file. The whole
>>>>> UI permission model needs to be changed to use carbon user management and
>>>>> permissions using Jaggery, which I will be looking into next. Will be
>>>>> including a couple of REST API methods to create/delete/modify tenant users
>>>>> and roles.
>>>>>
>>>>> WIP :
>>>>> https://github.com/lasinducharith/stratos/commit/0f018ffb6d9ac33f67d568d7ff3d9688e8f45a43
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>> On Mon, Sep 1, 2014 at 5:07 PM, Lasindu Charith <lasindu@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Reka,
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 1, 2014 at 4:50 PM, Reka Thirunavukkarasu <reka@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lasindu
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Aug 29, 2014 at 2:09 PM, Lasindu Charith <lasindu@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi devs,
>>>>>>>>
>>>>>>>> I'm in the process of extending the User Management and Permission
>>>>>>>> model for Stratos 4.1.0.
>>>>>>>> (See email discussions with following subjects : Role based access
>>>>>>>> and functionality for Stratos & Introducing tenant isolation in
>>>>>>>> policy/definition creation and usage).
>>>>>>>>
>>>>>>>> As discussed above, the proposed User/tenant Management will be as
>>>>>>>> following.
>>>>>>>>
>>>>>>>>    1. Mainly there are 3 users, Stratos Admin (Super Admin),
>>>>>>>>    Tenant Admin and the Tenant User.
>>>>>>>>
>>>>>>> Don't you need to have Super Admin users as well? So that we can
>>>>>>> give some role based access even to Multiple super admins.
>>>>>>>
>>>>>>
>>>>>> Yes, in the super tenant space, super tenant can have multiple
>>>>>> (super)tenant admins as well as (super)tenant users. This should work
>>>>>> similar to the way other tenant spaces work. In the initial step we are
>>>>>> planning to create predefined user roles in Carbon, so that at the time of
>>>>>> user creation, tenant admins can select the user role.
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>    1. Tenant(admin) creation will be moved back to the Carbon UI
>>>>>>>>    and tenant user creation will be done in new Stratos UI. Tenant
>>>>>>>>    user will have a set of pre-defined roles to be assigned at the user
>>>>>>>>    creation time.
>>>>>>>>    2. Stratos Admin will mostly use the Carbon UI to create new
>>>>>>>>    tenants and will also have his own super tenant space to create new
>>>>>>>>    policies, definitions, users, subscribe to cartridges etc. IaaS
>>>>>>>>    configuration will be done by the Stratos admin.
>>>>>>>>    3. A tenant admin will use the new UI to configure the tenant
>>>>>>>>    space - this includes creation of policies, definitions and deploying them,
>>>>>>>>    adding tenant users and assigning them roles.
>>>>>>>>    4. A tenant user will use the new UI to create/deploy
>>>>>>>>    applications (previously referred to as subscribe) which are visible within
>>>>>>>>    that tenant space.
>>>>>>>>
>>>>>>>> The existing permission model needs to be extended to support
>>>>>>>> tenant/user level separation and
>>>>>>>> REST API should provide role based access. Will update the thread
>>>>>>>> with progress.
>>>>>>>>
>>>>>>>
>>>>>>> Are you introducing any permissions specific to Super/Tenant
>>>>>>> admin/users in stratos? So that we can assign the users to relevant roles
>>>>>>> based on the permissions given.
>>>>>>>
>>>>>>
>>>>>> Yes, only Super tenant can create/delete tenants, but any tenant
>>>>>> admin can deploy/edit/delete policies, cartridge definitions, partitions
>>>>>> etc. So there are specific permissions for super admin/tenant, tenant admin
>>>>>> and tenant user. These will ideally be user roles in carbon user management
>>>>>> model.
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>> Suggestions and thoughts are welcome ..
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>> Reka
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> --
>>>>>>>> *Lasindu Charith*
>>>>>>>> Software Engineer, WSO2 Inc.
>>>>>>>> Mobile: +94714427192
>>>>>>>> Web: blog.lasindu.com
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Reka Thirunavukkarasu
>>>>>>> Senior Software Engineer,
>>>>>>> WSO2, Inc.:http://wso2.com,
>>>>>>> Mobile: +94776442007
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> --
>>>>>> *Lasindu Charith*
>>>>>> Software Engineer, WSO2 Inc.
>>>>>> Mobile: +94714427192
>>>>>> Web: blog.lasindu.com
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Lasindu Charith*
>>>>> Software Engineer, WSO2 Inc.
>>>>> Mobile: +94714427192
>>>>> Web: blog.lasindu.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Lasindu Charith*
>>>> Software Engineer, WSO2 Inc.
>>>> Mobile: +94714427192
>>>> Web: blog.lasindu.com
>>>>
>>>
>>>
>>>
>>> --
>>> *Lasindu Charith*
>>> Software Engineer, WSO2 Inc.
>>> Mobile: +94714427192
>>> Web: blog.lasindu.com
>>>
>>
>>
>>
>> --
>> Best Regards,
>> Nirmal
>>
>> Nirmal Fernando.
>> PPMC Member & Committer of Apache Stratos,
>> Senior Software Engineer, WSO2 Inc.
>>
>> Blog: http://nirmalfdo.blogspot.com/
>>
>
>
>
> --
> --
> Lahiru Sandaruwan
> Committer and PMC member, Apache Stratos,
> Senior Software Engineer,
> WSO2 Inc., http://wso2.com
> lean.enterprise.middleware
>
> email: lahirus@wso2.com cell: (+94) 773 325 954
> blog: http://lahiruwrites.blogspot.com/
> twitter: http://twitter.com/lahirus
> linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
>
>


-- 
Lakmal Warusawithana
Vice President, Apache Stratos
Director - Cloud Architecture; WSO2 Inc.
Mobile : +94714289692
Blog : http://lakmalsview.blogspot.com/
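
Added example, not part of the thread and not Stratos code: a deny-by-default sketch of the three roles described above, with tenant isolation and the separate permission entry proposed for run-time min/max changes that leave the deployment policy untouched. All permission names, role keys and class names are hypothetical, and granting the rescale permission to the tenant user is an assumption.

```python
from dataclasses import dataclass

# Hypothetical permission names for illustration; not Stratos or Carbon permission paths.
VIEW = {"autoscaling-policy:view", "cartridge:view", "deployment-policy:view",
        "partition:view", "service:view", "subscription:view"}
SUBSCRIBE = {"subscription:add", "subscription:remove"}
MANAGE = {"policy:manage", "cartridge:manage", "partition:manage", "user:manage"}
SCALE = "cluster:scale-override"  # the extra permission entry proposed in the thread

ROLES = {
    "tenant-user": VIEW | SUBSCRIBE | {SCALE},  # assumption: the subscriber may rescale
    "tenant-admin": VIEW | SUBSCRIBE | MANAGE | {SCALE},
    "stratos-admin": VIEW | SUBSCRIBE | MANAGE | {SCALE, "tenant:create", "tenant:delete"},
}

@dataclass(frozen=True)
class User:
    name: str
    tenant: str
    role: str

@dataclass(frozen=True)
class DeploymentPolicy:  # frozen: an override can never mutate the policy itself
    tenant: str
    min_instances: int
    max_instances: int

@dataclass
class Cluster:  # holds its own copy of min/max, initially taken from the policy
    tenant: str
    policy: DeploymentPolicy
    min_instances: int
    max_instances: int

def is_allowed(user, permission, resource_tenant):
    """Deny by default: unknown role, missing permission or cross-tenant access is refused."""
    if permission not in ROLES.get(user.role, set()):
        return False
    return user.tenant == resource_tenant

def override_scale(user, cluster, new_min, new_max):
    """Apply a run-time min/max to the cluster only; the policy object is left as it was."""
    if not is_allowed(user, SCALE, cluster.tenant):
        raise PermissionError(f"{user.name} may not rescale this cluster")
    if not 0 <= new_min <= new_max:
        raise ValueError("require 0 <= min <= max")
    cluster.min_instances, cluster.max_instances = new_min, new_max
    return cluster
```
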
