Hi all,

We had a discussion with the Stratos team. The current meta data service cannot be used by us because it is a security threat: the Cartridge agent keeps a username/password, and these credentials are duplicated in all Cartridges. So if I write a PHP application to read the credentials, the security of the meta data service is breached.

So for the release we have come up with this approach. Certain parts of the implementation can be donated to Stratos. And the OAuth layer in front of the dev registry is going to be the Stratos MetaData service layer. WDYT?

https://creately.com/diagram/i296mkhn1/kguXC7mpUdJsUELKTcjbNrrT4%3D

thanks,
dimuthu

On Thu, Nov 13, 2014 at 4:10 PM, Udara Liyanage <[email protected]> wrote:

> Hi Sanjiva,
>
> The work of the local agent you mentioned is done by the cartridge agent
> since it fetches the metadata and sets them as environment variables.
>
> Currently metadataservice web app uses registry in order to store values.
> However when we implement the metadata service we wanted to decouple it
> from registry so we can switch to any storage in future.
> The intention of the metadata service is that it abstracts the storage
> from metadata publishers and fetchers, so publishers can publish metadata
> against the application Id. Then the dependent instances fetch the metadata
> by providing the application id without knowing underlying storage.
>
> Currently we use username/password based authentication, however we will
> extend it to use OAuth so that dependent instances are able to fetch
> metadata using a token.
>
> On Thu, Nov 13, 2014 at 3:02 PM, Sanjiva Weerawarana <[email protected]>
> wrote:
>
>> Why do we need another metadata service when the registry is there? That
>> has an HTTP API so that's the service. What am I missing??
>>
>> The point about a local API was different: we can have the agent in the
>> cartridge talk to the above HTTP API and expose a simple local API, with or
>> without protection. That could even push environment variables out so that
>> code can pull the values out directly. That's what Paul wanted to do a long
>> time ago.
>>
>> Sanjiva.
>>
>> On Wed, Nov 12, 2014 at 6:49 AM, Udara Liyanage <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> username,password based validation is there in metadata service.
>>> I meant we have identified that we need to add OAuth based authentication.
>>>
>>> Touched, not typed. Erroneous words are a feature, not a typo.
>>> On Nov 12, 2014 5:52 AM, "Selvaratnam Uthaiyashankar" <[email protected]>
>>> wrote:
>>>
>>>> So, the meta data service does not have any authentication? Means, I
>>>> can write an application and override the configurations you are storing
>>>> for your applications?
>>>>
>>>> On Sunday, November 9, 2014, Dimuthu Leelarathne <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Udara,
>>>>>
>>>>> +1. Updated the diagram with suggested approach.
>>>>>
>>>>> thanks,
>>>>> dimuthu
>>>>>
>>>>> On Sat, Nov 8, 2014 at 11:30 PM, Udara Liyanage <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> On Sat, Nov 8, 2014 at 11:18 PM, Dimuthu Leelarathne <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi Sanjiva, Udara and all,
>>>>>>>
>>>>>>> If we are using PHP API we have to work out
>>>>>>> Authentication/Authorization for Registry Rest API because it is not
>>>>>>> possible to access it straightaway - could be OAuth. My other concern is
>>>>>>> the nativeness of the approach. Would developers feel it is a natural
>>>>>>> way?
>>>>>>>
>>>>>>> yes we need to use OAuth, which is not yet used in metadata service.
>>>>>>
>>>>>>> As Udara suggested if there is a Metadata service in Stratos, we can
>>>>>>> be using it. It would yield a more natural way to developers. Isn't it?
>>>>>>>
>>>>>>
>>>>>> When agent exposes the values as environment variables, PHP
>>>>>> developers can access the values as
>>>>>>
>>>>>> <?php
>>>>>> // Values exported by the cartridge agent as environment variables
>>>>>> $user = getenv('MYSQL_USER_NAME');
>>>>>> $host = getenv('MYSQL_HOST');
>>>>>> $pass = getenv('MYSQL_PASSWORD');
>>>>>> // mysqli_connect() replaces mysql_connect(), which was removed in PHP 7
>>>>>> $link = mysqli_connect($host, $user, $pass)
>>>>>>     or die('Could not connect: ' . mysqli_connect_error());
>>>>>> ?>
>>>>>>
>>>>>>> It was Paul who suggested the file-system (or environment variable)
>>>>>>> approach, sometime back.
>>>>>>>
>>>>>>> thanks,
>>>>>>> dimuthu
>>>>>>>
>>>>>>> On Sat, Nov 8, 2014 at 11:05 PM, Sanjiva Weerawarana <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Dimuthu I don't understand .. why can't you continue to use the
>>>>>>>> registry for these and just give a local API for PHP or whatever to
>>>>>>>> get it from? We can simply have an agent in the cartridge that fronts
>>>>>>>> the registry and then gives a local HTTP endpoint to get the data as
>>>>>>>> name/value pairs.
>>>>>>>>
>>>>>>>> IIRC Paul suggested this many years ago.
>>>>>>>>
>>>>>>>> Sanjiva.
>>>>>>>>
>>>>>>>> On Sat, Nov 8, 2014 at 10:48 PM, Dimuthu Leelarathne <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Udara,
>>>>>>>>>
>>>>>>>>> Is it available in the new version of Stratos?
>>>>>>>>>
>>>>>>>>> So when we write to Metadata service, how is my app supposed to get
>>>>>>>>> it? Is it via environment variables?
>>>>>>>>>
>>>>>>>>> thanks,
>>>>>>>>> dimuthu
>>>>>>>>>
>>>>>>>>> On Sat, Nov 8, 2014 at 10:45 PM, Udara Liyanage <[email protected]>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Dimuthu,
>>>>>>>>>>
>>>>>>>>>> How about using a metadata service for this. Metadata service is
>>>>>>>>>> a REST service where it provides APIs to publish and fetch key
>>>>>>>>>> value/values pairs.
>>>>>>>>>> This is already implemented in Stratos.
>>>>>>>>>>
>>>>>>>>>> So workflow is,
>>>>>>>>>> Instead of writing to git, AF publishes to metadata service. Then
>>>>>>>>>> cartridge agent fetches from the metadata service and exposes as env
>>>>>>>>>> variable.
>>>>>>>>>> I feel this is cleaner than committing to repo.
>>>>>>>>>>
>>>>>>>>>> Touched, not typed. Erroneous words are a feature, not a typo.
>>>>>>>>>> On Nov 8, 2014 10:33 PM, "Dimuthu Leelarathne" <[email protected]>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi all,
>>>>>>>>>>>
>>>>>>>>>>> For propagating resources (name-value pairs for Apps) to
>>>>>>>>>>> non-carbon runtimes we need an approach. I have been thinking
>>>>>>>>>>> about the possibilities and this came into my mind.
>>>>>>>>>>>
>>>>>>>>>>> https://creately.com/diagram/i296mkhn1/kguXC7mpUdJsUELKTcjbNrrT4%3D
>>>>>>>>>>>
>>>>>>>>>>> WDYT? Are there different suggestions? Or improvements?
>>>>>>>>>>>
>>>>>>>>>>> thanks,
>>>>>>>>>>> dimuthu
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Dimuthu Leelarathne
>>>>>>>>>>> Architect & Product Lead of App Factory
>>>>>>>>>>>
>>>>>>>>>>> WSO2, Inc. (http://wso2.com)
>>>>>>>>>>> email: [email protected]
>>>>>>>>>>> Mobile : 0773661935
>>>>>>>>>>>
>>>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Architecture mailing list
>>>>>>>>>>> [email protected]
>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>
>>>>>>>> --
>>>>>>>> Sanjiva Weerawarana, Ph.D.
>>>>>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>>>>>>>> email: [email protected]; office: (+1 650 745 4499 | +94 11 214 5345) x5700;
>>>>>>>> cell: +94 77 787 6880 | +1 408 466 5099; voip: +1 650 265 8311
>>>>>>>> blog: http://sanjiva.weerawarana.org/; twitter: @sanjiva
>>>>>>>> Lean . Enterprise . Middleware
>>>>>>
>>>>>> --
>>>>>> Udara Liyanage
>>>>>> Software Engineer
>>>>>> WSO2, Inc.: http://wso2.com
>>>>>> lean. enterprise. middleware
>>>>>>
>>>>>> web: http://udaraliyanage.wordpress.com
>>>>>> phone: +94 71 443 6897
>>>>
>>>> --
>>>> S.Uthaiyashankar
>>>> VP Engineering
>>>> WSO2 Inc.
>>>> http://wso2.com/ - "lean . enterprise .
>>>> middleware"
>>>>
>>>> Phone: +94 714897591

--
Dimuthu Leelarathne
Architect & Product Lead of App Factory

WSO2, Inc. (http://wso2.com)
email: [email protected]
Mobile : 0773661935

Lean . Enterprise . Middleware
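
The concern raised in this thread (one username/password copied into every cartridge lets any application read or override another application's metadata) and the proposed move to token-based access can be sketched as follows. This is an added example, not code from the thread or from Stratos: an HMAC-signed token stands in for an OAuth access token, and `issue_token`, `verify_token`, `MetadataStore` and the `read`/`write` scopes are hypothetical names.

```python
import base64, hashlib, hmac, json, time

SERVICE_KEY = b"constructed-demo-key"  # constructed value; held only by the metadata service

def issue_token(app_id, scopes, ttl=300, now=None):
    """Mint a bearer token bound to one application id and a list of scopes."""
    issued = now if now is not None else time.time()
    claims = {"app": app_id, "scopes": sorted(scopes), "exp": int(issued) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SERVICE_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    body, _, sig = token.partition(".")
    expected = hmac.new(SERVICE_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; the body is only parsed after the signature matches.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < (now if now is not None else time.time()):
        return None
    return claims

class MetadataStore:
    """Key/value metadata grouped by application id, as the thread describes."""
    def __init__(self):
        self._data = {}

    def _authorize(self, token, app_id, scope):
        # Unlike a shared password, the token names the one application it covers.
        claims = verify_token(token)
        return bool(claims) and claims["app"] == app_id and scope in claims["scopes"]

    def publish(self, token, app_id, key, value):
        if not self._authorize(token, app_id, "write"):
            return False
        self._data.setdefault(app_id, {})[key] = value
        return True

    def fetch(self, token, app_id, key):
        if not self._authorize(token, app_id, "read"):
            return None
        return self._data.get(app_id, {}).get(key)
```

A cartridge holding only a `read` token for its own application id cannot overwrite its configuration or read another application's values, which is the property the shared credential lacks.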
