stratos-dev mailing list archives

From Lahiru Sandaruwan <lahi...@wso2.com>
Subject Re: Stratos 4.1.0 User Management and Permission Model
Date Mon, 15 Sep 2014 06:17:55 GMT
Great progress Lasindu,

Sorry for the late reply.

Subscribers of the cartridges select deployment policies which have min and
max. As per our manual scaling capability that we will introduce, they
should be given the chance to change the min and max after deployment, at
run time.

Shall we let him change those values and change the relevant values in the
cluster, without changing the actual policy?

Maybe we need an entry in the permission model for that as well.

Thanks.

On Mon, Sep 15, 2014 at 11:34 AM, Nirmal Fernando <nirmal070125@gmail.com>
wrote:

> Great work Lasindu!! Will test and give you some feedback.
>
> On Mon, Sep 15, 2014 at 10:44 AM, Lasindu Charith <lasindu@wso2.com>
> wrote:
>
>> Hi all,
>>
>> The changes are committed in docker_integration branch
>> https://github.com/apache/stratos/commit/29bf5f164ea6b77a34b876406cc2d3da95231109
>>
>> *Created JIRAs*
>> https://issues.apache.org/jira/browse/STRATOS-799
>> https://issues.apache.org/jira/browse/STRATOS-800
>> https://issues.apache.org/jira/browse/STRATOS-801
>>
>> Wrote a blog post covering the changes.
>>
>> http://blog.lasindu.com/2014/09/apache-stratos-410-user-management-and.html
>>
>>
>> On Sun, Sep 7, 2014 at 3:56 PM, Lasindu Charith <lasindu@wso2.com> wrote:
>>
>>> Attached the permission model for Tenant User.
>>>
>>>
>>> On Sun, Sep 7, 2014 at 3:55 PM, Lasindu Charith <lasindu@wso2.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> Please find the progress below.
>>>>
>>>> Carbon User Management feature was installed in p2-profile gen since we
>>>> are including user management functionality in Stratos 4.1.0. A user role
>>>> called 'Tenant-User' will be created with the following permissions. Tenant
>>>> user can view Autoscaling policies, Cartridge definitions, deployment
>>>> policies, partition definitions, service definitions, subscriptions in the
>>>> tenant space while only having the ability to add/remove subscriptions.
>>>>
>>>>
>>>> [image: Inline image 1]
>>>>
>>>> stratos.manager, cloud.controller and autoscaler component
>>>> services/component.xmls were modified to include relevant permissions
>>>> and AuthorizationActions to call particular service methods. The
>>>> StratosAdmin REST API methods' @AuthorizationAction was changed to
>>>> facilitate the above permission model.
>>>>
>>>> In the current implementation the stratos UI permissions and REST API
>>>> permissions are handled separately. UI permissions are predefined for
>>>> Stratos Admin and Tenant admin separately in the acl.json file. The whole
>>>> UI permission model needs to be changed to use carbon user management and
>>>> permissions using Jaggery, which I will be looking into next. Will be
>>>> including a couple of REST API methods to create/delete/modify tenant users
>>>> and roles.
>>>>
>>>> WIP :
>>>> https://github.com/lasinducharith/stratos/commit/0f018ffb6d9ac33f67d568d7ff3d9688e8f45a43
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> On Mon, Sep 1, 2014 at 5:07 PM, Lasindu Charith <lasindu@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Reka,
>>>>>
>>>>>
>>>>> On Mon, Sep 1, 2014 at 4:50 PM, Reka Thirunavukkarasu <reka@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Lasindu
>>>>>>
>>>>>>
>>>>>> On Fri, Aug 29, 2014 at 2:09 PM, Lasindu Charith <lasindu@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi devs,
>>>>>>>
>>>>>>> I'm in the process of extending the User Management and Permission
>>>>>>> model for Stratos 4.1.0.
>>>>>>> (See email discussions with following subjects : Role based access
>>>>>>> and functionality for Stratos & Introducing tenant isolation in
>>>>>>> policy/definition creation and usage).
>>>>>>>
>>>>>>> As discussed above, the proposed User/tenant Management will be as
>>>>>>> following.
>>>>>>>
>>>>>>>    1. Mainly there are 3 users, Stratos Admin (Super Admin), Tenant
>>>>>>>    Admin and the Tenant User.
>>>>>>>
>>>>>> Don't you need to have Super Admin users as well? So that we can
>>>>>> give some role based access even to Multiple super admins.
>>>>>>
>>>>>
>>>>> Yes, in the super tenant space, super tenant can have multiple
>>>>> (super)tenant admins as well as (super)tenant users. This should work
>>>>> similar to the way other tenant spaces work. In the initial step we are
>>>>> planning to create pre defined user roles in Carbon, so that at the time of
>>>>> user creation, tenant admins can select the user role.
>>>>>
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>    1. Tenant(admin) creation will be moved back to the Carbon UI
>>>>>>>    and tenant user creation will be done in new Stratos UI. Tenant
>>>>>>>    user will have a set of pre-defined roles to be assigned at the user
>>>>>>>    creation time.
>>>>>>>    2. Stratos Admin will mostly use the Carbon UI to create new
>>>>>>>    tenants and will also have his own super tenant space to create new
>>>>>>>    policies, definitions, users, subscribe to cartridges etc. IaaS
>>>>>>>    configuration will be done by the Stratos admin.
>>>>>>>    3. A tenant admin will use the new UI to configure the tenant
>>>>>>>    space - this includes creation of policies, definitions and deploying them,
>>>>>>>    adding tenant users and assigning them roles.
>>>>>>>    4. A tenant user will use the new UI to create/deploy
>>>>>>>    applications (previously referred to as subscribe) which are visible within
>>>>>>>    that tenant space.
>>>>>>>
>>>>>>> The existing permission model needs to be extended to support
>>>>>>> tenant/user level separation and
>>>>>>> REST API should provide role based access. Will update the thread
>>>>>>> with progress.
>>>>>>>
>>>>>>
>>>>>> Are you introducing any permissions specific to Super/Tenant
>>>>>> admin/users in stratos? So that we can assign the users to relevant roles
>>>>>> based on the permissions given.
>>>>>>
>>>>>
>>>>> Yes, Only Super tenant can create/delete tenants, but any tenant admin
>>>>> can deploy/edit/delete policies, cartridge definitions, partitions etc. So
>>>>> there are specific permissions for super admin/tenant, tenant admin and
>>>>> tenant user. These will ideally be user roles in carbon user management
>>>>> model.
>>>>>
>>>>>
>>>>>>
>>>>>>> Suggestions and thoughts are welcome ..
>>>>>>>
>>>>>>> Thanks,
>>>>>> Reka
>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> --
>>>>>>> *Lasindu Charith*
>>>>>>> Software Engineer, WSO2 Inc.
>>>>>>> Mobile: +94714427192
>>>>>>> Web: blog.lasindu.com
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Reka Thirunavukkarasu
>>>>>> Senior Software Engineer,
>>>>>> WSO2, Inc.:http://wso2.com,
>>>>>> Mobile: +94776442007
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> Thanks,
>>>>> --
>>>>> *Lasindu Charith*
>>>>> Software Engineer, WSO2 Inc.
>>>>> Mobile: +94714427192
>>>>> Web: blog.lasindu.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Lasindu Charith*
>>>> Software Engineer, WSO2 Inc.
>>>> Mobile: +94714427192
>>>> Web: blog.lasindu.com
>>>>
>>>
>>>
>>>
>>> --
>>> *Lasindu Charith*
>>> Software Engineer, WSO2 Inc.
>>> Mobile: +94714427192
>>> Web: blog.lasindu.com
>>>
>>
>>
>>
>> --
>> *Lasindu Charith*
>> Software Engineer, WSO2 Inc.
>> Mobile: +94714427192
>> Web: blog.lasindu.com
>>
>
>
>
> --
> Best Regards,
> Nirmal
>
> Nirmal Fernando.
> PPMC Member & Committer of Apache Stratos,
> Senior Software Engineer, WSO2 Inc.
>
> Blog: http://nirmalfdo.blogspot.com/
>



-- 
--
Lahiru Sandaruwan
Committer and PMC member, Apache Stratos,
Senior Software Engineer,
WSO2 Inc., http://wso2.com
lean.enterprise.middleware

email: lahirus@wso2.com cell: (+94) 773 325 954
blog: http://lahiruwrites.blogspot.com/
twitter: http://twitter.com/lahirus
linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
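
The role model discussed in this thread, written out as a default-deny authorization check with tenant isolation. This is an added example, not code from the thread or from Apache Stratos; the permission strings, role names, tenant ids and the `is_allowed` helper are hypothetical, and it assumes tenant admins also hold the Tenant-User permissions.

```python
from dataclasses import dataclass

SUPER_TENANT = "super"  # constructed id for the super tenant space

# Resource kinds a Tenant-User can view, as listed in the thread.
VIEWABLE = ["autoscaling_policy", "cartridge", "deployment_policy",
            "partition", "service", "subscription"]
VIEW = {f"{r}:view" for r in VIEWABLE}
SUBSCRIBE = {"subscription:add", "subscription:remove"}
# Tenant admins deploy/edit/delete policies and definitions (not subscriptions).
MANAGE = {f"{r}:{a}" for r in VIEWABLE[:5] for a in ("deploy", "edit", "delete")}

# Hypothetical permission strings; the real ones live in component.xml.
ROLE_PERMISSIONS = {
    "tenant-user": VIEW | SUBSCRIBE,
    # Assumption: admins inherit everything a tenant user can do.
    "tenant-admin": VIEW | SUBSCRIBE | MANAGE | {"user:add", "user:assign_role"},
}
# Tenant lifecycle is reserved for admins of the super tenant space.
SUPER_ONLY = {"tenant:create", "tenant:delete"}


@dataclass(frozen=True)
class User:
    name: str
    tenant: str
    role: str


def is_allowed(user: User, permission: str, resource_tenant: str) -> bool:
    """Default deny: unknown roles and unknown permissions get nothing."""
    if permission in SUPER_ONLY:
        return user.tenant == SUPER_TENANT and user.role == "tenant-admin"
    # Tenant isolation: a role only applies inside the user's own tenant space.
    if user.tenant != resource_tenant:
        return False
    return permission in ROLE_PERMISSIONS.get(user.role, set())


if __name__ == "__main__":
    alice = User("alice", "t1", "tenant-user")      # constructed sample users
    bob = User("bob", "t1", "tenant-admin")
    root = User("root", SUPER_TENANT, "tenant-admin")
    for who, perm, tenant in [(alice, "cartridge:view", "t1"),
                              (alice, "cartridge:deploy", "t1"),
                              (alice, "subscription:view", "t2"),
                              (bob, "tenant:create", "t1"),
                              (root, "tenant:create", "t2")]:
        print(who.name, perm, tenant, is_allowed(who, perm, tenant))
```
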
