cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Nalley <>
Subject Re: [Proposal] Ability to retrieve user data via Admin API - 4.4
Date Mon, 13 Jan 2014 22:32:14 GMT
The end-user has an even more compelling reason to be able to query
that information without resorting to querying from the host than an
admin ever will.

Why would a cloud administrator need to see/care about userdata? I can
see the end-user/instance admin caring, but not the root admin.


On Mon, Jan 13, 2014 at 5:25 PM, Alena Prokharchyk
<> wrote:
> User can always access it through his Vm. The feature is more meant to
> cover the case when Admin needs to get all the user data info for all vms
> of a) network b) system
> On 1/13/14, 1:55 PM, "David Nalley" <> wrote:
>>On Mon, Jan 13, 2014 at 12:56 PM, Alena Prokharchyk
>><> wrote:
>>> I would like to propose to introduce API (Admin only, 4.4) that returns
>>>user data to the admin. Current UserData behavior:
>>>  * userData is passed to the deployVm/updateVm call
>>>  * its stored in CS db and on the VR
>>>  * the only one way to retrieve the data, is to request it from the
>>>user vm inside the network by sending http request to the Virtual Router.
>>>  We've adopted this model from Amazon EC2 APIs. But along the way I've
>>>noticed that some third party integrators needed to read UserData by
>>>Admin to get the information about all vms in the system/network. To
>>>solve the problem, people were using different kinds of workarounds - db
>>>scripts to read userData from cloudstack DB, or writing CS API
>>> So the API I'm proposing, will let you to retrieve User Data via Admin
>>>API. It will be available to Root admin only.
>>> If anyone has any objection, or see the flaws in the proposal, please
>>> -Alena.
>>Why make this root admin-only? Why shouldn't the user be able to see
>>their own instances user-data?
>>While the ability to see user-data is compelling; limiting it to
>>root-admin only is much less desirable IMO.

View raw message