cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Tutkowski <mike.tutkow...@solidfire.com>
Subject Re: [DISCUSS] Major business logic refactoring: Move from Account to UserAccount
Date Fri, 14 Nov 2014 19:08:28 GMT
Yeah, I assume you would use the column ID of the user table (as opposed to
the UUID of the given user), right?

On Fri, Nov 14, 2014 at 12:04 PM, Rohit Yadav <rohit.yadav@shapeblue.com>
wrote:

> Min, you’re right I don’t propose to change the IAM model just some
> additional data that notes who *actually* owns the resource (VM, volume,
> etc.) in an account which can be useful for sysadmins to list resource by
> userid etc.
>
> I can understand the hesitation and the side effects such a refactoring
> can produce, so I think the best would be to add user_id (uuid) columns and
> change only the API/query layer.
>
> Mike: I don’t propose to use user name but uuids so they are unique. My
> concern was adding user_id column to say vm_instance table denormalizes
> data as that table already has domain_id and account_id in it and as Rajani
> suggested earlier those two are not needed as using user_id one can find
> account_id and domain_id. I guess, the easiest way would be to just add an
> additional user_id column.
>
> Cheers.
>
> > On 15-Nov-2014, at 12:14 am, Min Chen <min.chen@citrix.com> wrote:
> >
> > Rohit, If I understood you correctly, the user_id column is only used for
> > listing resources to indicate which user is the real owner/creator of the
> > resource, but you don't want to change CloudStack account-level
> permission
> > model to user-level permission model, right? If so, the change will be
> > smaller, maybe some Response classes, which should not involve too many
> > business layer change. I will hesitate to really change CloudStack IAM
> > model though.
> >
> > Thanks
> > -min
> >
> > On 11/14/14 10:35 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:
> >
> >> Hi Min,
> >>
> >> Good to know. What do you propose we do moving forward. Do a refactoring
> >> run to fix it or leave it as it is and perhaps add user_id columns to
> few
> >> resources that are more useful for sysadmins such as vm_instance table.
> >>
> >>> On 14-Nov-2014, at 11:49 pm, Min Chen <min.chen@citrix.com> wrote:
> >>>
> >>> Rohit,
> >>>
> >>> I think that the historic reason for this is that CloudStack is only
> >>> doing IAM access permission check on account level, user is only login
> >>> authentication purpose. That is why we will see that all our CloudStack
> >>> resource owner field is an account, since that is the only information
> >>> used for controlling whether you have some permissions to the resource.
> >>> Thanks
> >>> -min
> >>>
> >>> On 11/14/14 12:53 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> All CloudStack DB entities (VM, storage, network etc.) have an owner
> >>>> field which is mostly the account. An account can have multiple users
> >>>> so
> >>>> just by looking at the resource (say VM) it¹s not possible to make
out
> >>>> which user in the account (owner or account_id field in the db row of
> >>>> the
> >>>> entity) created it. CloudStack users may want to know this information
> >>>> for at least entities such as VMs and Volumes.
> >>>>
> >>>> Historically, why is the account owner of an entity and not a user?
If
> >>>> user were the owner, we could easily get the account Id using the user
> >>>> Id.
> >>>>
> >>>> One solution to fix this problem is to refactor and replace Account
> >>>> (interface) usage with UserAccount (interface) usage, fix the DAO and
> >>>> resource layer, and add columns in the schema. This gets us all the
> >>>> information we need to determine domainId, AccountId and Id (the user
> >>>> ID). Should we do it for all entities or just keep status quo (use
> >>>> account as owners), or just fix it on-demand basis for specific
> >>>> entities
> >>>> such as for user VMs [1].
> >>>>
> >>>> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-7908
> >>>>
> >>>> Regards,
> >>>> Rohit Yadav
> >>>> Software Architect, ShapeBlue
> >>>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
> >>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
> >>>>
> >>>>
> >>>>
> >>>> Find out more about ShapeBlue and our range of CloudStack related
> >>>> services
> >>>>
> >>>> IaaS Cloud Design &
> >>>> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
> >>>> CSForge ­ rapid IaaS deployment
> >>>> framework<http://shapeblue.com/csforge/>
> >>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> >>>> CloudStack Software
> >>>> Engineering<http://shapeblue.com/cloudstack-software-engineering/>
> >>>> CloudStack Infrastructure
> >>>> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
> >>>> CloudStack Bootcamp Training
> >>>> Courses<http://shapeblue.com/cloudstack-training/>
> >>>>
> >>>> This email and any attachments to it may be confidential and are
> >>>> intended
> >>>> solely for the use of the individual to whom it is addressed. Any
> views
> >>>> or opinions expressed are solely those of the author and do not
> >>>> necessarily represent those of Shape Blue Ltd or related companies.
If
> >>>> you are not the intended recipient of this email, you must neither
> take
> >>>> any action based upon its contents, nor copy or show it to anyone.
> >>>> Please
> >>>> contact the sender if you believe you have received this email in
> >>>> error.
> >>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
> >>>> Services India LLP is a company incorporated in India and is operated
> >>>> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda
> >>>> is
> >>>> a company incorporated in Brasil and is operated under license from
> >>>> Shape
> >>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic
> >>>> of
> >>>> South Africa and is traded under license from Shape Blue Ltd.
> ShapeBlue
> >>>> is a registered trademark.
> >>>
> >>
> >> Regards,
> >> Rohit Yadav
> >> Software Architect, ShapeBlue
> >> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
> >> Blog: bhaisaab.org | Twitter: @_bhaisaab
> >>
> >>
> >>
> >> Find out more about ShapeBlue and our range of CloudStack related
> services
> >>
> >> IaaS Cloud Design &
> >> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
> >> CSForge ­ rapid IaaS deployment framework<http://shapeblue.com/csforge/
> >
> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> >> CloudStack Software
> >> Engineering<http://shapeblue.com/cloudstack-software-engineering/>
> >> CloudStack Infrastructure
> >> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
> >> CloudStack Bootcamp Training
> >> Courses<http://shapeblue.com/cloudstack-training/>
> >>
> >> This email and any attachments to it may be confidential and are
> intended
> >> solely for the use of the individual to whom it is addressed. Any views
> >> or opinions expressed are solely those of the author and do not
> >> necessarily represent those of Shape Blue Ltd or related companies. If
> >> you are not the intended recipient of this email, you must neither take
> >> any action based upon its contents, nor copy or show it to anyone.
> Please
> >> contact the sender if you believe you have received this email in error.
> >> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
> >> Services India LLP is a company incorporated in India and is operated
> >> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is
> >> a company incorporated in Brasil and is operated under license from
> Shape
> >> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic
> of
> >> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue
> >> is a registered trademark.
> >
>
> Regards,
> Rohit Yadav
> Software Architect, ShapeBlue
> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
> Blog: bhaisaab.org | Twitter: @_bhaisaab
>
>
>
> Find out more about ShapeBlue and our range of CloudStack related services
>
> IaaS Cloud Design & Build<
> http://shapeblue.com/iaas-cloud-design-and-build//>
> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
> CloudStack Software Engineering<
> http://shapeblue.com/cloudstack-software-engineering/>
> CloudStack Infrastructure Support<
> http://shapeblue.com/cloudstack-infrastructure-support/>
> CloudStack Bootcamp Training Courses<
> http://shapeblue.com/cloudstack-training/>
>
> This email and any attachments to it may be confidential and are intended
> solely for the use of the individual to whom it is addressed. Any views or
> opinions expressed are solely those of the author and do not necessarily
> represent those of Shape Blue Ltd or related companies. If you are not the
> intended recipient of this email, you must neither take any action based
> upon its contents, nor copy or show it to anyone. Please contact the sender
> if you believe you have received this email in error. Shape Blue Ltd is a
> company incorporated in England & Wales. ShapeBlue Services India LLP is a
> company incorporated in India and is operated under license from Shape Blue
> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil
> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is
> a company registered by The Republic of South Africa and is traded under
> license from Shape Blue Ltd. ShapeBlue is a registered trademark.
>



-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkowski@solidfire.com
o: 303.746.7302
Advancing the way the world uses the cloud
<http://solidfire.com/solution/overview/?video=play>*™*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message