Hi all,

Had a discussion with Lakmal and updated the doc.

thanks,
dimuthu

On Fri, Nov 14, 2014 at 12:23 PM, Lakmal Warusawithana <[email protected]> wrote:

> On Fri, Nov 14, 2014 at 12:04 PM, Dimuthu Leelarathne <[email protected]> wrote:
>
>> Hi all,
>>
>> We had a discussion with the Stratos team. The current meta data service
>> cannot be used by us because it is a security threat. Because the Cartridge
>> agent keeps username/password and these credentials are duplicated in all
>> Cartridges. So if I write a PHP application to read the credentials the
>> security of the meta data service is breached.
>
> Yes, this will/must be fixed before Stratos 4.1.0 alpha. (most probably next
> week)
>
>> So for the release we have come up with this approach. The certain parts
>> of the implementation can be donated to Stratos. And the OAuth layer in
>> front of the dev registry is going to be Stratos MetaData service layer.
>> WDYT?
>
> +1 for donation. Anyway we (stratos) have to implement this.
>
>> https://creately.com/diagram/i296mkhn1/kguXC7mpUdJsUELKTcjbNrrT4%3D
>>
>> thanks,
>> dimuthu
>>
>> On Thu, Nov 13, 2014 at 4:10 PM, Udara Liyanage <[email protected]> wrote:
>>
>>> Hi Sanjiva,
>>>
>>> The work of the local agent you mentioned is done by the cartridge agent
>>> since it fetches the metadata and sets them as environment variables.
>>>
>>> Currently the metadataservice web app uses the registry in order to store
>>> values. However when we implemented the metadata service we wanted to
>>> decouple it from the registry so we can switch to any storage in future.
>>> The intention of the metadata service is that it abstracts the storage
>>> from metadata publishers and fetchers, so publishers can publish metadata
>>> against the application Id. Then the dependent instances fetch the metadata
>>> by providing the application id without knowing the underlying storage.
>>>
>>> Currently we use username/password based authentication, however we will
>>> extend it to use OAuth so that dependent instances are able to fetch
>>> metadata using a token.
>>>
>>> On Thu, Nov 13, 2014 at 3:02 PM, Sanjiva Weerawarana <[email protected]> wrote:
>>>
>>>> Why do we need another metadata service when the registry is there?
>>>> That has an HTTP API so that's the service. What am I missing??
>>>>
>>>> The point about a local API was different: we can have the agent in the
>>>> cartridge talk to the above HTTP API and expose a simple local API, with or
>>>> without protection. That could even push environment variables out so that
>>>> code can pull the values out directly. That's what Paul wanted to do a long
>>>> time ago.
>>>>
>>>> Sanjiva.
>>>>
>>>> On Wed, Nov 12, 2014 at 6:49 AM, Udara Liyanage <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Username/password based validation is there in the metadata service. I
>>>>> meant we have identified that we need to add OAuth based authentication.
>>>>>
>>>>> Touched, not typed. Erroneous words are a feature, not a typo.
>>>>> On Nov 12, 2014 5:52 AM, "Selvaratnam Uthaiyashankar" <[email protected]> wrote:
>>>>>
>>>>>> So, the meta data service does not have any authentication? Means, I
>>>>>> can write an application and override the configurations you are storing
>>>>>> for your applications?
>>>>>>
>>>>>> On Sunday, November 9, 2014, Dimuthu Leelarathne <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Udara,
>>>>>>>
>>>>>>> +1. Updated the diagram with suggested approach.
>>>>>>>
>>>>>>> thanks,
>>>>>>> dimuthu
>>>>>>>
>>>>>>> On Sat, Nov 8, 2014 at 11:30 PM, Udara Liyanage <[email protected]> wrote:
>>>>>>>
>>>>>>>> On Sat, Nov 8, 2014 at 11:18 PM, Dimuthu Leelarathne <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Sanjiva, Udara and all,
>>>>>>>>>
>>>>>>>>> If we are using a PHP API we have to work out
>>>>>>>>> Authentication/Authorization for the Registry REST API because it is not
>>>>>>>>> possible to access it straightaway - could be OAuth. My other concern is
>>>>>>>>> the nativeness of the approach. Would developers feel it is a natural way?
>>>>>>>>
>>>>>>>> Yes, we need to use OAuth, which is not yet used in the metadata service.
>>>>>>>>
>>>>>>>>> As Udara suggested if there is a Metadata service in Stratos, we
>>>>>>>>> can be using it. It would yield a more natural way to developers.
>>>>>>>>> Isn't it?
>>>>>>>>
>>>>>>>> When the agent exposes the values as environment variables, PHP
>>>>>>>> developers can access the values as
>>>>>>>>
>>>>>>>> <?php
>>>>>>>> // Connection settings exposed by the cartridge agent as environment variables
>>>>>>>> $user = getenv('MYSQL_USER_NAME');
>>>>>>>> $host = getenv('MYSQL_HOST');
>>>>>>>> $pass = getenv('MYSQL_PASSWORD');
>>>>>>>> // mysqli is used here because the mysql_* functions were removed in PHP 7
>>>>>>>> $link = mysqli_connect($host, $user, $pass)
>>>>>>>>     or die('Could not connect: ' . mysqli_connect_error());
>>>>>>>> ?>
>>>>>>>>
>>>>>>>>> It was Paul who suggested the file-system (or environment
>>>>>>>>> variable) approach, sometime back.
>>>>>>>>>
>>>>>>>>> thanks,
>>>>>>>>> dimuthu
>>>>>>>>>
>>>>>>>>> On Sat, Nov 8, 2014 at 11:05 PM, Sanjiva Weerawarana <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Dimuthu I don't understand .. why can't you continue to use the
>>>>>>>>>> registry for these and just give a local API for PHP or whatever to
>>>>>>>>>> get it from?
>>>>>>>>>> We can simply have an agent in the cartridge that fronts the registry
>>>>>>>>>> and then gives a local HTTP endpoint to get the data as name/value
>>>>>>>>>> pairs.
>>>>>>>>>>
>>>>>>>>>> IIRC Paul suggested this many years ago.
>>>>>>>>>>
>>>>>>>>>> Sanjiva.
>>>>>>>>>>
>>>>>>>>>> On Sat, Nov 8, 2014 at 10:48 PM, Dimuthu Leelarathne <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Udara,
>>>>>>>>>>>
>>>>>>>>>>> Is it available in the new version of Stratos?
>>>>>>>>>>>
>>>>>>>>>>> So when we write to the Metadata service, how is my app supposed to
>>>>>>>>>>> get it? Is it via environment variables?
>>>>>>>>>>>
>>>>>>>>>>> thanks,
>>>>>>>>>>> dimuthu
>>>>>>>>>>>
>>>>>>>>>>> On Sat, Nov 8, 2014 at 10:45 PM, Udara Liyanage <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Dimuthu,
>>>>>>>>>>>>
>>>>>>>>>>>> How about using a metadata service for this. Metadata service
>>>>>>>>>>>> is a REST service where it provides APIs to publish and fetch key
>>>>>>>>>>>> value/values pairs.
>>>>>>>>>>>> This is already implemented in Stratos.
>>>>>>>>>>>>
>>>>>>>>>>>> So workflow is,
>>>>>>>>>>>> Instead of writing to git, AF publishes to the metadata service.
>>>>>>>>>>>> Then the cartridge agent fetches from the metadata service and exposes
>>>>>>>>>>>> it as an env variable.
>>>>>>>>>>>> I feel this is cleaner than committing to the repo.
>>>>>>>>>>>>
>>>>>>>>>>>> On Nov 8, 2014 10:33 PM, "Dimuthu Leelarathne" <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi all,
>>>>>>>>>>>>>
>>>>>>>>>>>>> For propagating resources (name-value pairs for Apps) to
>>>>>>>>>>>>> non-Carbon runtimes we need an approach. I have been thinking about the
>>>>>>>>>>>>> possibilities and this came into my mind.
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://creately.com/diagram/i296mkhn1/kguXC7mpUdJsUELKTcjbNrrT4%3D
>>>>>>>>>>>>>
>>>>>>>>>>>>> WDYT? Are there different suggestions? Or improvements?
>>>>>>>>>>>>>
>>>>>>>>>>>>> thanks,
>>>>>>>>>>>>> dimuthu
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Dimuthu Leelarathne
>>>>>>>>>>>>> Architect & Product Lead of App Factory
>>>>>>>>>>>>>
>>>>>>>>>>>>> WSO2, Inc. (http://wso2.com)
>>>>>>>>>>>>> email: [email protected]
>>>>>>>>>>>>> Mobile : 0773661935
>>>>>>>>>>>>>
>>>>>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>>>>>>
>>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>>> Architecture mailing list
>>>>>>>>>>>>> [email protected]
>>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Sanjiva Weerawarana, Ph.D.
>>>>>>>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>>>>>>>>>> email: [email protected]; office: (+1 650 745 4499 | +94 11 214 5345) x5700; cell: +94 77 787 6880 | +1 408 466 5099; voip: +1 650 265 8311
>>>>>>>>>> blog: http://sanjiva.weerawarana.org/; twitter: @sanjiva
>>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>
>>>>>>>> --
>>>>>>>> Udara Liyanage
>>>>>>>> Software Engineer
>>>>>>>> WSO2, Inc.: http://wso2.com
>>>>>>>> lean. enterprise. middleware
>>>>>>>>
>>>>>>>> web: http://udaraliyanage.wordpress.com
>>>>>>>> phone: +94 71 443 6897
>>>>>>
>>>>>> --
>>>>>> S.Uthaiyashankar
>>>>>> VP Engineering
>>>>>> WSO2 Inc.
>>>>>> http://wso2.com/ - "lean . enterprise . middleware"
>>>>>>
>>>>>> Phone: +94 714897591
>
> --
> Lakmal Warusawithana
> Vice President, Apache Stratos
> Director - Cloud Architecture; WSO2 Inc.
> Mobile : +94714289692
> Blog : http://lakmalsview.blogspot.com/
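The concern raised in this thread (one username/password copied into every cartridge, versus a token held by each dependent instance), as an added example that is not part of the original messages and is not Stratos code. It is a toy in-memory service in Python; the class and method names, the sample credentials, and the HMAC-signed token standing in for an OAuth access token are all assumptions.

```python
import hashlib
import hmac
import secrets

class MetadataService:
    """Toy in-memory model; names are hypothetical, not the Stratos API."""

    def __init__(self, user, password):
        self._shared = f"{user}:{password}".encode()  # same pair in every cartridge
        self._key = secrets.token_bytes(32)           # signing key, service side only
        self.store = {}                               # {app_id: {name: value}}

    def put_basic(self, user, password, app_id, name, value):
        # Shared credentials say nothing about which application is calling.
        if not hmac.compare_digest(f"{user}:{password}".encode(), self._shared):
            raise PermissionError("bad credentials")
        self.store.setdefault(app_id, {})[name] = value

    def _mac(self, claim):
        return hmac.new(self._key, claim.encode(), hashlib.sha256).hexdigest()

    def issue_token(self, app_id, scope):
        claim = f"{app_id}|{scope}"                   # token bound to one app, one scope
        return f"{claim}|{self._mac(claim)}"

    def _check(self, token, app_id, scope):
        claim, _, mac = token.rpartition("|")
        if not hmac.compare_digest(mac.encode(), self._mac(claim).encode()):
            raise PermissionError("bad token")
        if claim != f"{app_id}|{scope}":
            raise PermissionError("token not valid for this application/scope")

    def put_token(self, token, app_id, name, value):
        self._check(token, app_id, "write")
        self.store.setdefault(app_id, {})[name] = value

def demo():
    svc = MetadataService("agent", "agent-secret")    # constructed sample values
    svc.put_token(svc.issue_token("app-a", "write"), "app-a", "MYSQL_HOST", "db-a")
    # Code running in app-b's cartridge that reads the agent's credentials:
    svc.put_basic("agent", "agent-secret", "app-a", "MYSQL_HOST", "changed-by-b")
    after_shared = svc.store["app-a"]["MYSQL_HOST"]
    svc.put_token(svc.issue_token("app-a", "write"), "app-a", "MYSQL_HOST", "db-a")
    try:  # the same code holding only app-b's read token
        svc.put_token(svc.issue_token("app-b", "read"), "app-a", "MYSQL_HOST", "x")
        blocked = False
    except PermissionError:
        blocked = True
    return after_shared, blocked, svc.store["app-a"]["MYSQL_HOST"]
```

With the shared credentials the write to another application's entry succeeds; with a token bound to an application id and scope the same write is rejected and the stored value is unchanged.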
