From Alena Prokharchyk <Alena.Prokharc...@citrix.com>
Subject Re: [DISCUSS] listAll and recursive parameters for BaseListDomainResourceCmd should have default value as TRUE
Date Wed, 09 Oct 2013 01:14:28 GMT
This is a bug.

=Alena.

On 10/8/13 6:12 PM, "Min Chen" <min.chen@citrix.com> wrote:

>Just simple listVMsCmd with page information, passing listAll=true or not
>passing listAll returns the same set of data.
>
>
>Thanks
>-min
>
>On 10/8/13 5:55 PM, "Alena Prokharchyk" <Alena.Prokharchyk@citrix.com>
>wrote:
>
>>On 10/8/13 5:48 PM, "Min Chen" <min.chen@citrix.com> wrote:
>>
>>>Thanks Alena for the clarification.
>>>
>>>If you try ListVMsCmd as a domain admin, if I pass listAll=false, what
>>>should be the expected behavior?
>>
>>The same as if you don't pass anything. The domain admin will see his own
>>resources (the ones that belong to his account).
>>
>>
>>>Should he be able to see VMs under his domain but not owned by him? The
>>>current CloudStack behavior will
>>>show all VMs under his domain. This seems contradictory to the meaning
>>>of
>>>listAll.
>>
>>Do you pass anything else to the call besides listAll=false? Is the result
>>the same when you don't pass listAll=false to the call? If so, what other
>>parameters do you pass in?
>>
>>>
>>>Thanks
>>>-min
>>>
>>>
>>>
>>>>On 10/8/13 4:28 PM, "Min Chen" <min.chen@citrix.com> wrote:
>>>>
>>>>>Hi there,
>>>>>
>>>>>In working with RBAC design, I am really puzzled by the two query
>>>>>parameters "listAll" and "recursive" for all BaseListDomainResourceCmd.
>>>>>
>>>>>
>>>>>    @Parameter(name = ApiConstants.LIST_ALL, type = CommandType.BOOLEAN,
>>>>>               description = "If set to false, list only resources belonging to the command's caller; "
>>>>>                   + "if set to true - list resources that the caller is authorized to see. "
>>>>>                   + "Default value is false")
>>>>>    private Boolean listAll;
>>>>>
>>>>>    @Parameter(name = ApiConstants.IS_RECURSIVE, type = CommandType.BOOLEAN,
>>>>>               description = "defaults to false, but if true, lists all resources from the parent "
>>>>>                   + "specified by the domainId till leaves.")
>>>>>    private Boolean recursive;
>>>>>
>>>>>
>>>>>IMHO, if a caller invokes a list API without passing any specific
>>>>>query
>>>>>parameter, he/she should see all resources that he/she is authorized
>>>>>to
>>>>>see.  In CloudStack, we have implicit authorization rules as follows:
>>>>>1. Root admin should be able to see all the resources under Root
>>>>>domain.
>>>>>2. Domain admin should be able to see all the resources under its own
>>>>>domain tree.
>>>>>3. Normal user should only see the resources owned by him.
>>>>
>>>>listAll doesn't impact user calls.
>>>>
>>>>>4. Project account should be able to see resources assigned to that
>>>>>project.
>>>>
>>>>Project account can't make the calls. Any CS account assigned to the
>>>>project + admin can list project resources. When listAll is passed in,
>>>>all resources except project resources will be returned to the caller.
>>>>When projectId=-1 is passed in, all resources of all projects in the
>>>>system that the caller is authorized to see will be returned to the caller.
>>>>
>>>>>Based on current AccountManager.buildACLSearchParameters
>>>>>implementation,
>>>>>we are not observing the passed "listAll" and "recursive" value at
>>>>>all,
>>>>>seems always treating "listAll=true" and "recursive=true".
>>>>
>>>>recursive=false is respected when passed along with the domainId. In
>>>>this
>>>>case, it will list all the resources under this domain only, without
>>>>subdomains. When recursive=true is passed with domainId, the resources
>>>>of
>>>>domains + subdomains will be returned.
>>>>
>>>>>Thus, I am proposing that we change the default value of "listAll" and
>>>>>"recursive" to TRUE instead of current FALSE.  Any objections?
>>>>
>>>>
>>>>The main objection - it will break all the partners/third party
>>>>apps/UIs
>>>>built on the current CS behavior.
>>>>
>>>>>
>>>>>Thanks
>>>>>-min
>>>>>
>>>>
>>>>Min, 
>>>>
>>>
>>>
>>
>>
>
>
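The scoping rules Alena lays out above (admins without listAll get only their own account's resources, listAll widens that to the authorized domain tree and has no effect for users, recursive is honoured together with domainId, project resources are excluded unless projectId is given, projectId=-1 means all projects the caller may see) written out as a small Python model. This is an added example, not CloudStack's AccountManager.buildACLSearchParameters or any code from the thread; the domain tree, accounts, resources and the PermissionError for a domainId outside the caller's tree are constructed assumptions. It is useful as a regression check for the bug Min reports: a domain admin calling listVMs without listAll must not get the whole domain back.

```python
"""Model of the list-API scoping rules discussed in the thread (constructed example)."""
from dataclasses import dataclass
from typing import Optional

ROOT_ADMIN, DOMAIN_ADMIN, USER = "root-admin", "domain-admin", "user"
ALL_PROJECTS = -1  # projectId=-1 in the thread: every project the caller may see


@dataclass(frozen=True)
class Account:
    id: str
    domain_id: str
    role: str


@dataclass(frozen=True)
class Resource:
    id: str
    account_id: str
    domain_id: str
    project_id: Optional[int] = None  # constructed: set when a project owns the resource


# Constructed domain tree: child -> parent (ROOT has no parent).
DOMAINS = {"ROOT": None, "D1": "ROOT", "D1a": "D1", "D2": "ROOT"}

# Constructed accounts and resources.
ACCOUNTS = {
    "root": Account("root", "ROOT", ROOT_ADMIN),
    "d1admin": Account("d1admin", "D1", DOMAIN_ADMIN),
    "d1user": Account("d1user", "D1", USER),
    "d1auser": Account("d1auser", "D1a", USER),
    "d2user": Account("d2user", "D2", USER),
}
RESOURCES = [
    Resource("vm-root", "root", "ROOT"),
    Resource("vm-d1admin", "d1admin", "D1"),
    Resource("vm-d1user", "d1user", "D1"),
    Resource("vm-d1auser", "d1auser", "D1a"),
    Resource("vm-d2user", "d2user", "D2"),
    Resource("vm-proj7", "d1user", "D1", project_id=7),
]


def subtree(domain_id):
    """All domain ids at or below domain_id in the constructed tree."""
    found = {domain_id}
    while True:
        more = {d for d, p in DOMAINS.items() if p in found and d not in found}
        if not more:
            return found
        found |= more


def authorized_domains(caller):
    """Implicit rules 1-3 from the thread: root admin sees the whole tree,
    a domain admin his own domain tree, a user only his own domain."""
    if caller.role == ROOT_ADMIN:
        return subtree("ROOT")
    if caller.role == DOMAIN_ADMIN:
        return subtree(caller.domain_id)
    return {caller.domain_id}


def list_resources(caller, list_all=False, recursive=False, domain_id=None, project_id=None):
    """Return the sorted resource ids the caller should get back for these parameters."""
    is_admin = caller.role in (ROOT_ADMIN, DOMAIN_ADMIN)
    if domain_id is not None:
        # Assumption: domainId is only honoured inside the caller's authorized tree.
        if domain_id not in authorized_domains(caller):
            raise PermissionError(f"{caller.id} may not list domain {domain_id}")
        # recursive is respected only together with domainId (thread).
        domains = subtree(domain_id) if recursive else {domain_id}
        own_account_only = not is_admin
    elif list_all and is_admin:
        # listAll: everything the caller is authorized to see; no effect for users.
        domains = authorized_domains(caller)
        own_account_only = False
    else:
        # Default: the caller's own account's resources only.
        domains = {caller.domain_id}
        own_account_only = True

    def project_ok(r):
        if project_id is None:
            return r.project_id is None  # project resources excluded by default
        if project_id == ALL_PROJECTS:
            return r.project_id is not None
        return r.project_id == project_id

    return sorted(
        r.id for r in RESOURCES
        if r.domain_id in domains
        and (not own_account_only or r.account_id == caller.id)
        and project_ok(r)
    )
```

The two-step structure (pick the domain scope from listAll/domainId/recursive, then apply the account and project filters) is what makes the contradiction Min describes visible: with the defaults, a domain admin's result set should never contain another account's VMs, and a test asserting exactly that catches the bug regardless of how the search parameters are built internally.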