cloudstack-dev mailing list archives

From Likitha Shetty <likitha.she...@citrix.com>
Subject RE: [AWSAPI] user registration
Date Mon, 17 Dec 2012 09:43:36 GMT
In AWSAPI, while checking if the user keys exist and also while retrieving the secret-key
for signature generation, we could make a change to directly check in the CloudStack DB instead
of the cloudbridge DB? This way we won't require user-registration for Query API.

Thank you,
Likitha

-----Original Message-----
From: Sebastien Goasguen [mailto:runseb@gmail.com] 
Sent: Monday, December 17, 2012 2:17 PM
To: cloudstack-dev@incubator.apache.org
Subject: Re: [AWSAPI] user registration


On Dec 17, 2012, at 8:30 AM, Chiradeep Vittal <Chiradeep.Vittal@citrix.com> wrote:

> Sebastien, how does this proposed patch work? With the query API, 
> there should not be any need for the registration step since the query 
> API does not need the certificate. When the admin / user generates the 
> keys these should be made available to the aws api web app.

Nothing fancy. From the thread with Likitha it seems we do still need to register. In the
case of the query API it's just a call to SetUserKeys.
So I just put an if statement on there that checks if a certificate is present when you use
the cloudstack-aws-api-register script, i.e. is the -c option used or not. If not then it only
calls SetUserKeys and not the SetCertificate afterwards.

Of course, I do think that when keys are generated for the user they could be automatically
registered in the aws web app. But as far as I know this is not the case yet. Could be a simple
change to the UI scripts. I have not looked into that.

Does that make sense ?


> 
> On 12/15/12 8:45 AM, "Sebastien Goasguen" <runseb@gmail.com> wrote:
> 
>> 
>> On Dec 14, 2012, at 4:09 PM, Likitha Shetty 
>> <likitha.shetty@citrix.com>
>> wrote:
>> 
>>> You are right Sebastien, like we discussed in the previous thread we 
>>> do need to perform user-registration before making both EC2 SOAP and 
>>> EC2 Query API calls.
>>> 
>>> 
>>> 
>>> The difference is the steps in the user-registration,
>>> 
>>> 1. For SOAP, cloudstack-aws-api-register --apikey=<User's 
>>> CloudPlatform API key>  --secretkey=< User's CloudPlatform Secret 
>>> key > --cert=<path/to/cert.pem> --url=http://<cloud-mgmt-server>:7080/awsapi.
>>> 
>>> 2. For REST, http://<cloud-mgmt-server>:7080/awsapi?Action=SetUserKeys&accesskey=<User's
>>> CloudPlatform API key>&secretkey=< User's CloudPlatform Secret key>
>>> 
>>> 
>>> 
>>> Additional info:
>>> 
>>> cloudstack-aws-api-register script performs both the actions, 
>>> SetUserKeys and SetCertificate.
>>> 
>>> * SetUserKeys gives the user's API access and secret keys to
>>> AWSAPI so that AWSAPI can call the CloudStack API with these keys. 
>>> This is required for both Query and SOAP.
>>> 
>>> * SetCertificate registers the user's X.509 certificate with
>>> AWSAPI. EC2 requires the client to have a public/private key pair 
>>> with the public key defined by an X.509 certificate. This is required 
>>> only for SOAP access 
>>> (http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/using-soap-api.html)
>>> 
>>> 
>> 
>> Thanks for clarifying Likitha. I actually have a patch pending 
>> submission to solve the issue of registering for query or soap.
>> 
>> Could you check that one can call SetUserKeys several times with the 
>> same keys ? I have read that it can be done, but last time I checked, 
>> if keys were already registered you would get an error.
>> 
>> thanks,
>> 
>> -sebastien
>> 
>> 
>>> 
>>> Thank you,
>>> 
>>> Likitha
>>> 
>>> 
>>> 
>>> -----Original Message-----
>>> From: Rajesh Battala [mailto:rajesh.battala@citrix.com]
>>> Sent: Friday, December 14, 2012 7:47 PM
>>> To: cloudstack-dev@incubator.apache.org
>>> Subject: RE: [AWSAPI] user registration
>>> 
>>> 
>>> 
>>> From Likitha I heard we don't need user registration for EC2 Query API.
>>> 
>>> @Likitha can you confirm it?
>>> 
>>> 
>>> 
>>> Thanks
>>> 
>>> Rajesh Battala
>>> 
>>> 
>>> 
>>> 
>>> 
>>> -----Original Message-----
>>> 
>>> From: Sebastien Goasguen [mailto:runseb@gmail.com]
>>> 
>>> Sent: Friday, December 14, 2012 7:42 PM
>>> 
>>> To: cloudstack-dev@incubator.apache.org
>>> 
>>> Subject: [AWSAPI] user registration
>>> 
>>> 
>>> 
>>> Hi,
>>> 
>>> 
>>> 
>>> There is a comment from Jessica in 
>>> https://reviews.apache.org/r/8237/
>>> that says that user registration is not required for AWSAPI.
>>> 
>>> 
>>> 
>>> Can one of the developers (Prachi, Likitha, Rajesh..) comment on this ?
>>> 
>>> 
>>> 
>>> From a previous thread with Likitha, I thought that user 
>>> registration was mandatory even for the EC2 Query API.
>>> 
>>> 
>>> 
>>> Thanks,
>>> 
>>> 
>>> 
>>> -Sebastien
>> 
> 

