cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Min Chen <min.c...@citrix.com>
Subject Re: [DISCUSS] Major business logic refactoring: Move from Account to UserAccount
Date Fri, 14 Nov 2014 19:01:18 GMT
Yes, we support going both directions, account <-> user.

Thanks
-min

On 11/14/14 10:59 AM, "Mike Tutkowski" <mike.tutkowski@solidfire.com>
wrote:

>I didn't have access to the VM with my CS DB on it for a while, but I do
>now and checked the DB structure. I see the user table has a reference to
>the account table, so that's what I was expecting and hoped to see.
>
>On Fri, Nov 14, 2014 at 11:48 AM, Mike Tutkowski <
>mike.tutkowski@solidfire.com> wrote:
>
>> I haven't looked at the DB tables for this, but presumably there is a
>>user
>> table like we have an account table and you can figure out what account
>>a
>> given user is in? That would be OK then. I just wasn't sure if we only
>> allowed you to go from account to user, but not user to account in the
>>DB.
>>
>> On Fri, Nov 14, 2014 at 11:39 AM, Mike Tutkowski <
>> mike.tutkowski@solidfire.com> wrote:
>>
>>> Can a username like "mike" be re-used in multiple accounts?
>>>
>>> For example:
>>>
>>> Acct1\mike
>>> Acct2\mike
>>>
>>> If so, the name "mike" would be insufficient to determine ownership of
>>> the resource in some situations (unless it was fully qualified with its
>>> account).
>>>
>>> On Fri, Nov 14, 2014 at 11:35 AM, Rohit Yadav
>>><rohit.yadav@shapeblue.com>
>>> wrote:
>>>
>>>> Hi Min,
>>>>
>>>> Good to know. What do you propose we do moving forward. Do a
>>>>refactoring
>>>> run to fix it or leave it as it is and perhaps add user_id columns to
>>>>few
>>>> resources that are more useful for sysadmins such as vm_instance
>>>>table.
>>>>
>>>> > On 14-Nov-2014, at 11:49 pm, Min Chen <min.chen@citrix.com> wrote:
>>>> >
>>>> > Rohit,
>>>> >
>>>> > I think that the historic reason for this is that CloudStack is only
>>>> > doing IAM access permission check on account level, user is only
>>>>login
>>>> > authentication purpose. That is why we will see that all our
>>>>CloudStack
>>>> > resource owner field is an account, since that is the only
>>>>information
>>>> > used for controlling whether you have some permissions to the
>>>>resource.
>>>> > Thanks
>>>> > -min
>>>> >
>>>> > On 11/14/14 12:53 AM, "Rohit Yadav" <rohit.yadav@shapeblue.com>
>>>>wrote:
>>>> >
>>>> >> Hi,
>>>> >>
>>>> >> All CloudStack DB entities (VM, storage, network etc.) have an
>>>>owner
>>>> >> field which is mostly the account. An account can have multiple
>>>>users
>>>> so
>>>> >> just by looking at the resource (say VM) it¹s not possible to make
>>>>out
>>>> >> which user in the account (owner or account_id field in the db row
>>>>of
>>>> the
>>>> >> entity) created it. CloudStack users may want to know this
>>>>information
>>>> >> for at least entities such as VMs and Volumes.
>>>> >>
>>>> >> Historically, why is the account owner of an entity and not a
>>>>user? If
>>>> >> user were the owner, we could easily get the account Id using the
>>>> user Id.
>>>> >>
>>>> >> One solution to fix this problem is to refactor and replace Account
>>>> >> (interface) usage with UserAccount (interface) usage, fix the DAO
>>>>and
>>>> >> resource layer, and add columns in the schema. This gets us all
the
>>>> >> information we need to determine domainId, AccountId and Id (the
>>>>user
>>>> >> ID). Should we do it for all entities or just keep status quo (use
>>>> >> account as owners), or just fix it on-demand basis for specific
>>>> entities
>>>> >> such as for user VMs [1].
>>>> >>
>>>> >> [1] https://issues.apache.org/jira/browse/CLOUDSTACK-7908
>>>> >>
>>>> >> Regards,
>>>> >> Rohit Yadav
>>>> >> Software Architect, ShapeBlue
>>>> >> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>>>> >> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>> >>
>>>> >>
>>>> >>
>>>> >> Find out more about ShapeBlue and our range of CloudStack related
>>>> services
>>>> >>
>>>> >> IaaS Cloud Design &
>>>> >> Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>>>> >> CSForge ­ rapid IaaS deployment framework<
>>>> http://shapeblue.com/csforge/>
>>>> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>> >> CloudStack Software
>>>> >> Engineering<http://shapeblue.com/cloudstack-software-engineering/>
>>>> >> CloudStack Infrastructure
>>>> >> Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>>>> >> CloudStack Bootcamp Training
>>>> >> Courses<http://shapeblue.com/cloudstack-training/>
>>>> >>
>>>> >> This email and any attachments to it may be confidential and are
>>>> intended
>>>> >> solely for the use of the individual to whom it is addressed. Any
>>>> views
>>>> >> or opinions expressed are solely those of the author and do not
>>>> >> necessarily represent those of Shape Blue Ltd or related
>>>>companies. If
>>>> >> you are not the intended recipient of this email, you must neither
>>>> take
>>>> >> any action based upon its contents, nor copy or show it to anyone.
>>>> Please
>>>> >> contact the sender if you believe you have received this email in
>>>> error.
>>>> >> Shape Blue Ltd is a company incorporated in England & Wales.
>>>>ShapeBlue
>>>> >> Services India LLP is a company incorporated in India and is
>>>>operated
>>>> >> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria
>>>>Ltda
>>>> is
>>>> >> a company incorporated in Brasil and is operated under license from
>>>> Shape
>>>> >> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The
>>>> Republic of
>>>> >> South Africa and is traded under license from Shape Blue Ltd.
>>>> ShapeBlue
>>>> >> is a registered trademark.
>>>> >
>>>>
>>>> Regards,
>>>> Rohit Yadav
>>>> Software Architect, ShapeBlue
>>>> M. +91 88 262 30892 | rohit.yadav@shapeblue.com
>>>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>>>>
>>>>
>>>>
>>>> Find out more about ShapeBlue and our range of CloudStack related
>>>> services
>>>>
>>>> IaaS Cloud Design & Build<
>>>> http://shapeblue.com/iaas-cloud-design-and-build//>
>>>> CSForge ­ rapid IaaS deployment
>>>>framework<http://shapeblue.com/csforge/>
>>>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>>>> CloudStack Software Engineering<
>>>> http://shapeblue.com/cloudstack-software-engineering/>
>>>> CloudStack Infrastructure Support<
>>>> http://shapeblue.com/cloudstack-infrastructure-support/>
>>>> CloudStack Bootcamp Training Courses<
>>>> http://shapeblue.com/cloudstack-training/>
>>>>
>>>> This email and any attachments to it may be confidential and are
>>>> intended solely for the use of the individual to whom it is
>>>>addressed. Any
>>>> views or opinions expressed are solely those of the author and do not
>>>> necessarily represent those of Shape Blue Ltd or related companies.
>>>>If you
>>>> are not the intended recipient of this email, you must neither take
>>>>any
>>>> action based upon its contents, nor copy or show it to anyone. Please
>>>> contact the sender if you believe you have received this email in
>>>>error.
>>>> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue
>>>> Services India LLP is a company incorporated in India and is operated
>>>>under
>>>> license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a
>>>> company incorporated in Brasil and is operated under license from
>>>>Shape
>>>> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The
>>>>Republic of
>>>> South Africa and is traded under license from Shape Blue Ltd.
>>>>ShapeBlue is
>>>> a registered trademark.
>>>>
>>>
>>>
>>>
>>> --
>>> *Mike Tutkowski*
>>> *Senior CloudStack Developer, SolidFire Inc.*
>>> e: mike.tutkowski@solidfire.com
>>> o: 303.746.7302
>>> Advancing the way the world uses the cloud
>>> <http://solidfire.com/solution/overview/?video=play>*™*
>>>
>>
>>
>>
>> --
>> *Mike Tutkowski*
>> *Senior CloudStack Developer, SolidFire Inc.*
>> e: mike.tutkowski@solidfire.com
>> o: 303.746.7302
>> Advancing the way the world uses the cloud
>> <http://solidfire.com/solution/overview/?video=play>*™*
>>
>
>
>
>-- 
>*Mike Tutkowski*
>*Senior CloudStack Developer, SolidFire Inc.*
>e: mike.tutkowski@solidfire.com
>o: 303.746.7302
>Advancing the way the world uses the cloud
><http://solidfire.com/solution/overview/?video=play>*™*

Mime
View raw message