Great work Lasindu!! Will test and give you some feedback.

On Mon, Sep 15, 2014 at 10:44 AM, Lasindu Charith <[email protected]> wrote:

> Hi all,
>
> The changes are committed in docker_integration branch
> https://github.com/apache/stratos/commit/29bf5f164ea6b77a34b876406cc2d3da95231109
>
> *Created JIRAs*
> https://issues.apache.org/jira/browse/STRATOS-799
> https://issues.apache.org/jira/browse/STRATOS-800
> https://issues.apache.org/jira/browse/STRATOS-801
>
> Wrote a blog post covering the changes.
> http://blog.lasindu.com/2014/09/apache-stratos-410-user-management-and.html
>
> On Sun, Sep 7, 2014 at 3:56 PM, Lasindu Charith <[email protected]> wrote:
>
>> Attached the permission model for Tenant User.
>>
>> On Sun, Sep 7, 2014 at 3:55 PM, Lasindu Charith <[email protected]> wrote:
>>
>>> Hi all,
>>>
>>> Please find the progress below.
>>>
>>> Carbon User Management feature was installed in p2-profile gen since we
>>> are including user management functionality in Stratos 4.1.0. A user role
>>> called 'Tenant-User' will be created with the following permissions. Tenant
>>> user can view Autoscaling policies, Cartridge definitions, deployment
>>> policies, partition definitions, service definitions, subscriptions in the
>>> tenant space while only having the ability to add/remove subscriptions.
>>>
>>> [image: Inline image 1]
>>>
>>> stratos.manager, cloud.controller and autoscaler component
>>> services/component.xmls were modified to include relevant permissions
>>> and AuthorizationActions to call particular service methods. The
>>> StratosAdmin REST API methods' @AuthorizationAction was changed to
>>> facilitate the above permission model.
>>>
>>> In the current implementation the stratos UI permissions and REST API
>>> permissions are handled separately. UI permissions are predefined for
>>> Stratos Admin and Tenant admin separately in the acl.json file. The whole
>>> UI permission model needs to be changed to use carbon user management and
>>> permissions using Jaggery, which I will be looking into next. Will be
>>> including a couple of REST API methods to create/delete/modify tenant users
>>> and roles.
>>>
>>> WIP :
>>> https://github.com/lasinducharith/stratos/commit/0f018ffb6d9ac33f67d568d7ff3d9688e8f45a43
>>>
>>> Thanks,
>>>
>>> On Mon, Sep 1, 2014 at 5:07 PM, Lasindu Charith <[email protected]> wrote:
>>>
>>>> Hi Reka,
>>>>
>>>> On Mon, Sep 1, 2014 at 4:50 PM, Reka Thirunavukkarasu <[email protected]> wrote:
>>>>
>>>>> Hi Lasindu
>>>>>
>>>>> On Fri, Aug 29, 2014 at 2:09 PM, Lasindu Charith <[email protected]> wrote:
>>>>>
>>>>>> Hi devs,
>>>>>>
>>>>>> I'm in the process of extending the User Management and Permission
>>>>>> model for Stratos 4.1.0.
>>>>>> (See email discussions with following subjects : Role based access
>>>>>> and functionality for Stratos & Introducing tenant isolation in
>>>>>> policy/definition creation and usage).
>>>>>>
>>>>>> As discussed above, the proposed User/tenant Management will be as
>>>>>> following.
>>>>>>
>>>>>> 1. Mainly there are 3 users, Stratos Admin (Super Admin), Tenant
>>>>>> Admin and the Tenant User.
>>>>>>
>>>>> Don't you need to have Super Admin users as well? So that we can give
>>>>> some role based access even to Multiple super admins.
>>>>>
>>>>
>>>> Yes, in the super tenant space, super tenant can have multiple
>>>> (super)tenant admins as well as (super)tenant users. This should work
>>>> similar to the way other tenant spaces work. In the initial step we are
>>>> planning to create pre-defined user roles in Carbon, so that at the time of
>>>> user creation, tenant admins can select the user role.
>>>>
>>>>>> 1. Tenant(admin) creation will be moved back to the Carbon UI and
>>>>>> tenant user creation will be done in new Stratos UI. Tenant user
>>>>>> will have a set of pre-defined roles to be assigned at the user
>>>>>> creation time.
>>>>>> 2. Stratos Admin will mostly use the Carbon UI to create new
>>>>>> tenants and will also have his own super tenant space to create new
>>>>>> policies, definitions, users, subscribe to cartridges etc. IaaS
>>>>>> configuration will be done by the Stratos admin.
>>>>>> 3. A tenant admin will use the new UI to configure the tenant
>>>>>> space - this includes creation of policies, definitions and deploying
>>>>>> them, adding tenant users and assigning them roles.
>>>>>> 4. A tenant user will use the new UI to create/deploy
>>>>>> applications (previously referred to as subscribe) which are visible
>>>>>> within that tenant space.
>>>>>>
>>>>>> The existing permission model needs to be extended to support
>>>>>> tenant/user level separation and
>>>>>> REST API should provide role based access. Will update the thread
>>>>>> with progress.
>>>>>>
>>>>>
>>>>> Are you introducing any permissions specific to Super/Tenant
>>>>> admin/users in stratos? So that we can assign the users to relevant roles
>>>>> based on the permissions given.
>>>>>
>>>>
>>>> Yes, only Super tenant can create/delete tenants, but any tenant admin
>>>> can deploy/edit/delete policies, cartridge definitions, partitions etc. So
>>>> there are specific permissions for super admin/tenant, tenant admin and
>>>> tenant user. These will ideally be user roles in carbon user management
>>>> model.
>>>>
>>>>>> Suggestions and thoughts are welcome ..
>>>>>>
>>>>> Thanks,
>>>>> Reka
>>>>>
>>>>>> Thanks,
>>>>>> --
>>>>>> *Lasindu Charith*
>>>>>> Software Engineer, WSO2 Inc.
>>>>>> Mobile: +94714427192
>>>>>> Web: blog.lasindu.com
>>>>>>
>>>>>
>>>>> --
>>>>> Reka Thirunavukkarasu
>>>>> Senior Software Engineer,
>>>>> WSO2, Inc.:http://wso2.com,
>>>>> Mobile: +94776442007
>>>>>
>>>>
>>>> Thanks,
>>>> --
>>>> *Lasindu Charith*
>>>> Software Engineer, WSO2 Inc.
>>>> Mobile: +94714427192
>>>> Web: blog.lasindu.com
>>>>
>>>
>>> --
>>> *Lasindu Charith*
>>> Software Engineer, WSO2 Inc.
>>> Mobile: +94714427192
>>> Web: blog.lasindu.com
>>>
>>
>> --
>> *Lasindu Charith*
>> Software Engineer, WSO2 Inc.
>> Mobile: +94714427192
>> Web: blog.lasindu.com
>>
>
> --
> *Lasindu Charith*
> Software Engineer, WSO2 Inc.
> Mobile: +94714427192
> Web: blog.lasindu.com
>

--
Best Regards,
Nirmal

Nirmal Fernando.
PPMC Member & Committer of Apache Stratos,
Senior Software Engineer, WSO2 Inc.

Blog: http://nirmalfdo.blogspot.com/
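
A small model of the role and tenant separation discussed in this thread, as an added example that is not code from Stratos or from any of the participants. The permission paths, role names and the `SUPER_TENANT` value are hypothetical; the check is deny-by-default and applies tenant isolation before any role grant is considered.

```python
from dataclasses import dataclass

SUPER_TENANT = "super"  # assumed identifier for the super tenant space

# Hypothetical permission paths; a grant covers its path and everything below it.
ROLE_GRANTS = {
    # Tenant user: view the six resource kinds, add/remove subscriptions only.
    "tenant-user": {
        "/view/autoscaling-policy", "/view/cartridge", "/view/deployment-policy",
        "/view/partition", "/view/service", "/view/subscription",
        "/subscription/add", "/subscription/remove",
    },
    # Tenant admin: configure the tenant space and manage its users.
    "tenant-admin": {"/view", "/subscription", "/policy", "/definition", "/user"},
    # Super admin: the above plus tenant create/delete.
    "super-admin": {"/view", "/subscription", "/policy", "/definition",
                    "/user", "/tenant"},
}
SUPER_ONLY = "/tenant"  # tenant lifecycle is reserved to the super tenant space


@dataclass(frozen=True)
class Principal:
    name: str
    tenant: str
    roles: frozenset


def covers(grant: str, action: str) -> bool:
    """Segment-wise prefix match: '/view' covers '/view/cartridge', not '/viewer'."""
    g = grant.strip("/").split("/")
    a = action.strip("/").split("/")
    return a[:len(g)] == g


def is_allowed(p: Principal, action: str, resource_tenant: str) -> bool:
    # Tenant isolation first: nothing outside the caller's own tenant space.
    if p.tenant != resource_tenant:
        return False
    # A super-admin role assigned inside an ordinary tenant must not
    # unlock tenant create/delete.
    if covers(SUPER_ONLY, action) and p.tenant != SUPER_TENANT:
        return False
    grants = set().union(*(ROLE_GRANTS.get(r, set()) for r in p.roles))
    # Unknown roles and unknown actions fall through to deny.
    return any(covers(g, action) for g in grants)
```

Running the same `is_allowed` check behind both the UI and the REST API avoids the two permission sets drifting apart, which is the situation the thread describes with `acl.json` being maintained separately.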
