cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Tutkowski <mike.tutkow...@solidfire.com>
Subject Re: [DISCUSS] Major business logic refactoring: Move from Account to UserAccount
Date Fri, 14 Nov 2014 18:59:25 GMT
I didn't have access to the VM with my CS DB on it for a while, but I do
now and checked the DB structure. I see the user table has a reference to
the account table, so that's what I was expecting and hoped to see.

On Fri, Nov 14, 2014 at 11:48 AM, Mike Tutkowski <
mike.tutkowski@solidfire.com> wrote:

> I haven't looked at the DB tables for this, but presumably there is a user
> table like we have an account table and you can figure out what account a
> given user is in? That would be OK then. I just wasn't sure if we only
> allowed you to go from account to user, but not user to account in the DB.
>
> On Fri, Nov 14, 2014 at 11:39 AM, Mike Tutkowski <
> mike.tutkowski@solidfire.com> wrote:
>
>> Can a username like "mike" be re-used in multiple accounts?
>>
>> For example:
>>
>> Acct1\mike
>> Acct2\mike
>>
>> If so, the name "mike" would be insufficient to determine ownership of
>> the resource in some situations (unless it was fully qualified with its
>> account).
>>
>> On Fri, Nov 14, 2014 at 11:35 AM, Rohit Yadav <rohit.yadav@shapeblue.com>
>> wrote:
>>
>>> Hi Min,
>>>
>>> Good to know. What do you propose we do moving forward. Do a refactoring
>>> run to fix it or leave it as it is and perhaps add user_id columns to few
>>> resources that are more useful for sysadmins such as vm_instance table.
>>>
>>> > On 14-Nov-2014, at 11:49 pm, Min Chen <min.chen@citrix.com> wrote:
>>> >
>>> > Rohit,
>>> >
>>> > I think that the historic reason for this is that CloudStack is only
>>> > doing IAM access permission check on account level, user is only login
>>> > authentication purpose. That is why we will see that all our CloudStack
>>> > resource owner field is an account, since that is the only information
>>> > used for controlling whether you have some permissions to the resource.
>>> > Thanks
>>> > -min
>>> >
>>> > On 11/14/14 12:53 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com> wrote:
>>> >
>>> >> Hi,
>>> >>
>>> >> All CloudStack DB entities (VM, storage, network etc.) have an owner
>>> >> field which is mostly the account. An account can have multiple users
>>> so
>>> >> just by looking at the resource (say VM) it¹s not possible to make
out
>>> >> which user in the account (owner or account_id field in the db row of
>>> the
>>> >> entity) created it. CloudStack users may want to know this information
>>> >> for at least entities such as VMs and Volumes.
>>> >>
>>> >> Historically, why is the account owner of an entity and not a user?
If
>>> >> user were the owner, we could easily get the account Id using the
>>> user Id.
>>> >>
>>> >> One solution to fix this problem is to refactor and replace Account
>>> >> (interface) usage with UserAccount (interface) usage, fix the DAO and
>>> >> resource layer, and add columns in the schema. This gets us all the
>>> >> information we need to determine domainId, AccountId and Id (the user
>>> >> ID). Should we do it for all entities or just keep status quo (use
>>> >> account as owners), or just fix it on-demand basis for specific
>>> entities
>>> >> such as for user VMs [1].
>>> >>
>>> >> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-7908
>>> >>
>>> >> Regards,
>>> >> Rohit Yadav
>>> >> Software Architect, ShapeBlue
>>> >> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>>> >> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>> >>
>>> >>
>>> >>
>>> >> Find out more about ShapeBlue and our range of CloudStack related
>>> services
>>> >>
>>> >> IaaS Cloud Design &
>>> >> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>> >> CSForge ­ rapid IaaS deployment framework<
>>> http://shapeblue.com/csforge/>
>>> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> >> CloudStack Software
>>> >> Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>> >> CloudStack Infrastructure
>>> >> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>> >> CloudStack Bootcamp Training
>>> >> Courses<http://shapeblue.com/cloudstack-training/>
>>> >>
>>> >> This email and any attachments to it may be confidential and are
>>> intended
>>> >> solely for the use of the individual to whom it is addressed. Any
>>> views
>>> >> or opinions expressed are solely those of the author and do not
>>> >> necessarily represent those of Shape Blue Ltd or related companies.
If
>>> >> you are not the intended recipient of this email, you must neither
>>> take
>>> >> any action based upon its contents, nor copy or show it to anyone.
>>> Please
>>> >> contact the sender if you believe you have received this email in
>>> error.
>>> >> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>>> >> Services India LLP is a company incorporated in India and is operated
>>> >> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda
>>> is
>>> >> a company incorporated in Brasil and is operated under license from
>>> Shape
>>> >> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The
>>> Republic of
>>> >> South Africa and is traded under license from Shape Blue Ltd.
>>> ShapeBlue
>>> >> is a registered trademark.
>>> >
>>>
>>> Regards,
>>> Rohit Yadav
>>> Software Architect, ShapeBlue
>>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>
>>>
>>>
>>> Find out more about ShapeBlue and our range of CloudStack related
>>> services
>>>
>>> IaaS Cloud Design & Build<
>>> http://shapeblue.com/iaas-cloud-design-and-build//>
>>> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>> CloudStack Software Engineering<
>>> http://shapeblue.com/cloudstack-software-engineering/>
>>> CloudStack Infrastructure Support<
>>> http://shapeblue.com/cloudstack-infrastructure-support/>
>>> CloudStack Bootcamp Training Courses<
>>> http://shapeblue.com/cloudstack-training/>
>>>
>>> This email and any attachments to it may be confidential and are
>>> intended solely for the use of the individual to whom it is addressed. Any
>>> views or opinions expressed are solely those of the author and do not
>>> necessarily represent those of Shape Blue Ltd or related companies. If you
>>> are not the intended recipient of this email, you must neither take any
>>> action based upon its contents, nor copy or show it to anyone. Please
>>> contact the sender if you believe you have received this email in error.
>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>>> Services India LLP is a company incorporated in India and is operated under
>>> license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a
>>> company incorporated in Brasil and is operated under license from Shape
>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of
>>> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is
>>> a registered trademark.
>>>
>>
>>
>>
>> --
>> *Mike Tutkowski*
>> *Senior CloudStack Developer, SolidFire Inc.*
>> e: mike.tutkowski@solidfire.com
>> o: 303.746.7302
>> Advancing the way the world uses the cloud
>> <http://solidfire.com/solution/overview/?video=play>*™*
>>
>
>
>
> --
> *Mike Tutkowski*
> *Senior CloudStack Developer, SolidFire Inc.*
> e: mike.tutkowski@solidfire.com
> o: 303.746.7302
> Advancing the way the world uses the cloud
> <http://solidfire.com/solution/overview/?video=play>*™*
>



-- 
*Mike Tutkowski*
*Senior CloudStack Developer, SolidFire Inc.*
e: mike.tutkowski@solidfire.com
o: 303.746.7302
Advancing the way the world uses the cloud
<http://solidfire.com/solution/overview/?video=play>*™*

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message