cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Nalley <da...@gnsa.us>
Subject Re: [Proposal] Ability to retrieve user data via Admin API - 4.4
Date Mon, 13 Jan 2014 22:32:14 GMT
The end-user has an even more compelling reason to be able to query
that information without resorting to querying from the host than an
admin ever will.

Why would a cloud administrator need to see/care about userdata? I can
see the end-user/instance admin caring, but not the root admin.

--David



On Mon, Jan 13, 2014 at 5:25 PM, Alena Prokharchyk
<Alena.Prokharchyk@citrix.com> wrote:
> User can always access it through his Vm. The feature is more meant to
> cover the case when Admin needs to get all the user data info for all vms
> of a) network b) system
>
> On 1/13/14, 1:55 PM, "David Nalley" <david@gnsa.us> wrote:
>
>>On Mon, Jan 13, 2014 at 12:56 PM, Alena Prokharchyk
>><Alena.Prokharchyk@citrix.com> wrote:
>>> I would like to propose to introduce API (Admin only, 4.4) that returns
>>>user data to the admin. Current UserData behavior:
>>>
>>>  * userData is passed to the deployVm/updateVm call
>>>  * its stored in CS db and on the VR
>>>  * the only one way to retrieve the data, is to request it from the
>>>user vm inside the network by sending http request to the Virtual Router.
>>>
>>>  We've adopted this model from Amazon EC2 APIs. But along the way I've
>>>noticed that some third party integrators needed to read UserData by
>>>Admin to get the information about all vms in the system/network. To
>>>solve the problem, people were using different kinds of workarounds - db
>>>scripts to read userData from cloudstack DB, or writing CS API
>>>extensions: https://github.com/jasonhancock/cloudstack-api-extension.
>>>
>>> So the API I'm proposing, will let you to retrieve User Data via Admin
>>>API. It will be available to Root admin only.
>>>
>>> If anyone has any objection, or see the flaws in the proposal, please
>>>signal.
>>>
>>> -Alena.
>>
>>
>>Why make this root admin-only? Why shouldn't the user be able to see
>>their own instances user-data?
>>
>>While the ability to see user-data is compelling; limiting it to
>>root-admin only is much less desirable IMO.
>>
>>--David
>

Mime
View raw message