Return-Path: Delivered-To: apmail-incubator-deltacloud-dev-archive@minotaur.apache.org Received: (qmail 94395 invoked from network); 15 Nov 2010 15:49:38 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 15 Nov 2010 15:49:38 -0000 Received: (qmail 16972 invoked by uid 500); 15 Nov 2010 15:50:10 -0000 Delivered-To: apmail-incubator-deltacloud-dev-archive@incubator.apache.org Received: (qmail 16810 invoked by uid 500); 15 Nov 2010 15:50:08 -0000 Mailing-List: contact deltacloud-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: deltacloud-dev@incubator.apache.org Delivered-To: mailing list deltacloud-dev@incubator.apache.org Received: (qmail 16802 invoked by uid 99); 15 Nov 2010 15:50:07 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Nov 2010 15:50:07 +0000 X-ASF-Spam-Status: No, hits=-5.0 required=10.0 tests=RCVD_IN_DNSWL_HI,SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of lutter@redhat.com designates 209.132.183.28 as permitted sender) Received: from [209.132.183.28] (HELO mx1.redhat.com) (209.132.183.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Nov 2010 15:50:00 +0000 Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id oAFFnbaP011834 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 15 Nov 2010 10:49:37 -0500 Received: from [10.3.112.16] ([10.3.112.16]) by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id oAFFnZE1012099 for ; Mon, 15 Nov 2010 10:49:36 -0500 Subject: Re: Dynamic selection of driver From: David Lutterkort To: deltacloud-dev@incubator.apache.org In-Reply-To: <5BD04FB9-4D97-4F3E-88CA-99BFD0726791@jaguNET.com> References: <1289524884.4164.1312.camel@avon.watzmann.net> <5BD04FB9-4D97-4F3E-88CA-99BFD0726791@jaguNET.com> Content-Type: text/plain; charset="ISO-8859-15" Organization: Red Hat Inc Date: Mon, 15 Nov 2010 16:49:34 +0100 Message-ID: <1289836174.12245.62.camel@melon.watzmann.net> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11 X-Virus-Checked: Checked by ClamAV on apache.org On Fri, 2010-11-12 at 09:29 -0500, Jim Jagielski wrote: > On Nov 11, 2010, at 8:21 PM, David Lutterkort wrote: > > > Hi, > > > > Toby Crawley is really the one who brought this up - here's a summary of > > a discussion we had a couple days ago. > > > > Right now, the deltacloud server only ever uses one driver; that means > > that if you want to talk to multiple clouds, you need to have one > > deltacloud server running for each of them. Clearly, not very admin > > friendly. > > > > Toby actually experimented with this (wanna share your patch, Toby ?). > > To me, the cleanest way to enable dynamic selection of the driver is to > > select the driver through add'l HTTP headers. For example, by sending > > > > X-Deltacloud-Driver: ec2 > > X-Deltacloud-Endpoint: https://eu-west-1.ec2.amazonaws.com/ > > > > you'd be using the eu-west region of EC2. > > > > We would maintain the current behavior of the driver as the default when > > these headers are absent; so if you start 'deltacloudd -i mock', clients > > that don't set the Deltacloud headers will talk to the mock driver. > > > > Sounds good, but shouldn't there be some sort of auth mechanism > to "verify" that an authorized entity set those headers? I don't think that's necessary - since the Deltacloud server doesn't store any credentials, the user also needs to include their credentials with the request (as a HTTP basic auth header) ASAICT, worst case, they have invalid credentials, and the only attack they could launch is DOS either on the Deltacloud server (which they could in any case) or on the backend cloud (which they also can do w/o Deltacloud) David