On Mon, Sep 15, 2014 at 11:47 AM, Lahiru Sandaruwan <[email protected]> wrote:
> Great progress Lasindu,
>
> Sorry for the late reply.
>
> Subscriber of the cartridges select deployment policies which have min and
> max. As per our manual scaling capability that we will introduce, they
> should be given the chance to change the min and max after deployment, at
> run time.
>
> Shall we let him change those values and change the relevant values in the
> cluster, without changing the actual policy?
>

+1

>
> Maybe we need an entry in permission model for that as well.
>
> Thanks.
>
> On Mon, Sep 15, 2014 at 11:34 AM, Nirmal Fernando <[email protected]>
> wrote:
>
>> Great work Lasindu!! Will test and give you some feedback.
>>
>> On Mon, Sep 15, 2014 at 10:44 AM, Lasindu Charith <[email protected]>
>> wrote:
>>
>>> Hi all,
>>>
>>> The changes are committed in docker_integration branch
>>> https://github.com/apache/stratos/commit/29bf5f164ea6b77a34b876406cc2d3da95231109
>>>
>>> *Created JIRAs*
>>> https://issues.apache.org/jira/browse/STRATOS-799
>>> https://issues.apache.org/jira/browse/STRATOS-800
>>> https://issues.apache.org/jira/browse/STRATOS-801
>>>
>>> Wrote a blog post covering the changes.
>>>
>>> http://blog.lasindu.com/2014/09/apache-stratos-410-user-management-and.html
>>>
>>> On Sun, Sep 7, 2014 at 3:56 PM, Lasindu Charith <[email protected]>
>>> wrote:
>>>
>>>> Attached the permission model for Tenant User.
>>>>
>>>> On Sun, Sep 7, 2014 at 3:55 PM, Lasindu Charith <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Please find the progress below.
>>>>>
>>>>> Carbon User Management feature was installed in p2-profile gen since
>>>>> we are including user management functionality in Stratos 4.1.0. A user
>>>>> role called 'Tenant-User' will be created with the following permissions.
>>>>> Tenant user can view Autoscaling policies, Cartridge definitions,
>>>>> deployment policies, partition definitions, service definitions,
>>>>> subscriptions in the tenant space while only having the ability to
>>>>> add/remove subscriptions.
>>>>>
>>>>> [image: Inline image 1]
>>>>>
>>>>> stratos.manager, cloud.controller and autoscaler component
>>>>> services/component.xmls were modified to include relevant permissions
>>>>> and AuthorizationActions to call particular service methods. The
>>>>> StratosAdmin REST API methods' @AuthorizationAction was changed to
>>>>> facilitate the above permission model.
>>>>>
>>>>> In the current implementation the stratos UI permissions and REST API
>>>>> permissions are handled separately. UI permissions are predefined for
>>>>> Stratos Admin and Tenant admin separately in the acl.json file. The whole
>>>>> UI permission model needs to be changed to use carbon user management and
>>>>> permissions using Jaggery, which I will be looking into next. Will be
>>>>> including couple of REST API methods to create/delete/modify tenant users
>>>>> and roles.
>>>>>
>>>>> WIP :
>>>>> https://github.com/lasinducharith/stratos/commit/0f018ffb6d9ac33f67d568d7ff3d9688e8f45a43
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Mon, Sep 1, 2014 at 5:07 PM, Lasindu Charith <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi Reka,
>>>>>>
>>>>>> On Mon, Sep 1, 2014 at 4:50 PM, Reka Thirunavukkarasu <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Lasindu
>>>>>>>
>>>>>>> On Fri, Aug 29, 2014 at 2:09 PM, Lasindu Charith <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi devs,
>>>>>>>>
>>>>>>>> I'm in the process of extending the User Management and Permission
>>>>>>>> model for Stratos 4.1.0.
>>>>>>>> (See email discussions with following subjects : Role based access
>>>>>>>> and functionality for Stratos & Introducing tenant isolation in
>>>>>>>> policy/definition creation and usage).
>>>>>>>>
>>>>>>>> As discussed above, the proposed User/tenant Management will be as
>>>>>>>> following.
>>>>>>>>
>>>>>>>> 1. Mainly there are 3 users, Stratos Admin (Super Admin),
>>>>>>>>    Tenant Admin and the Tenant User.
>>>>>>>>
>>>>>>> Don't you need to have Super Admin users as well? So that we can
>>>>>>> give some role based access even to Multiple super admins.
>>>>>>>
>>>>>>
>>>>>> Yes, In the super tenant space, super tenant can have multiple
>>>>>> (super)tenant admins as well as (super)tenant users. This should work
>>>>>> similar to the way other tenant spaces work. In the initial step we are
>>>>>> planning to create pre defined user roles in Carbon, so that at the time
>>>>>> of user creation, tenant admins can select the user role.
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> 1. Tenant(admin) creation will be moved back to the Carbon UI
>>>>>>>>    and tenant user creation will be done in new Stratos UI. Tenant
>>>>>>>>    user will have a set of pre-defined roles to be assigned at the user
>>>>>>>>    creation time.
>>>>>>>> 2. Stratos Admin will mostly use the Carbon UI to create new
>>>>>>>>    tenants and will also have his own super tenant space to create new
>>>>>>>>    policies, definitions, users, subscribe to cartridges etc. IaaS
>>>>>>>>    configuration will be done by the Stratos admin.
>>>>>>>> 3. A tenant admin will use the new UI to configure the tenant
>>>>>>>>    space - this includes creation of policies, definitions and
>>>>>>>>    deploying them, adding tenant users and assigning them roles.
>>>>>>>> 4. A tenant user will use the new UI to create/deploy
>>>>>>>>    applications (previously referred to as subscribe) which are
>>>>>>>>    visible within that tenant space.
>>>>>>>>
>>>>>>>> The existing permission model needs to be extended to support
>>>>>>>> tenant/user level separation and
>>>>>>>> REST API should provide role based access. Will update the thread
>>>>>>>> with progress.
>>>>>>>>
>>>>>>>
>>>>>>> Are you introducing any permissions specific to Super/Tenant
>>>>>>> admin/users in stratos? So that we can assign the users to relevant
>>>>>>> roles based on the permissions given.
>>>>>>>
>>>>>>
>>>>>> Yes, Only Super tenant can create/delete tenants, but any tenant
>>>>>> admin can deploy/edit/delete policies, cartridge definitions, partitions
>>>>>> etc. So there are specific permissions for super admin/tenant, tenant
>>>>>> admin and tenant user. These will ideally be user roles in carbon user
>>>>>> management model.
>>>>>>
>>>>>>>
>>>>>>>> Suggestions and thoughts are welcome ..
>>>>>>>>
>>>>>>> Thanks,
>>>>>>> Reka
>>>>>>>
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> --
>>>>>>>> *Lasindu Charith*
>>>>>>>> Software Engineer, WSO2 Inc.
>>>>>>>> Mobile: +94714427192
>>>>>>>> Web: blog.lasindu.com
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Reka Thirunavukkarasu
>>>>>>> Senior Software Engineer,
>>>>>>> WSO2, Inc.:http://wso2.com,
>>>>>>> Mobile: +94776442007
>>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>>
>>
>> --
>> Best Regards,
>> Nirmal
>>
>> Nirmal Fernando.
>> PPMC Member & Committer of Apache Stratos,
>> Senior Software Engineer, WSO2 Inc.
>>
>> Blog: http://nirmalfdo.blogspot.com/
>>
>
> --
> Lahiru Sandaruwan
> Committer and PMC member, Apache Stratos,
> Senior Software Engineer,
> WSO2 Inc., http://wso2.com
> lean.enterprise.middleware
>
> email: [email protected] cell: (+94) 773 325 954
> blog: http://lahiruwrites.blogspot.com/
> twitter: http://twitter.com/lahirus
> linked-in: http://lk.linkedin.com/pub/lahiru-sandaruwan/16/153/146
>

--
Lakmal Warusawithana
Vice President, Apache Stratos
Director - Cloud Architecture; WSO2 Inc.
Mobile : +94714289692
Blog : http://lakmalsview.blogspot.com/
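
The role separation discussed in this thread (Stratos Admin, Tenant Admin, Tenant User, and the separate permission entry suggested for changing min/max at run time), as an added sketch that is not Stratos code and not part of any message above. The permission paths, tenant ids and function names are constructed for illustration, and the same-tenant rule for everything except tenant management is an assumption.

```python
from dataclasses import dataclass

SUPER_TENANT = "super"  # constructed id for the Stratos Admin's tenant space

# Hypothetical permission paths (the thread does not list the real ones).
# A grant on a path also covers every path beneath it.
ROLE_GRANTS = {
    "stratos-admin": {"/tenant", "/policy", "/definition", "/subscription", "/user"},
    "tenant-admin": {"/policy", "/definition", "/subscription", "/user"},
    "tenant-user": {"/policy/view", "/definition/view", "/subscription"},
}


@dataclass(frozen=True)
class User:
    name: str
    tenant: str
    role: str


def covers(grant: str, needed: str) -> bool:
    """True if `grant` is `needed` itself or one of its ancestors."""
    return needed == grant or needed.startswith(grant + "/")


def authorize(user: User, needed: str, resource_tenant: str,
              grants=ROLE_GRANTS) -> bool:
    """Deny by default: the tenant check and the role grant must both pass."""
    if covers("/tenant", needed):
        # Creating or deleting tenants is reserved for the super tenant.
        if user.tenant != SUPER_TENANT:
            return False
    elif user.tenant != resource_tenant:
        return False  # tenant isolation (assumed): no cross-tenant access
    return any(covers(g, needed) for g in grants.get(user.role, ()))


def with_scale_limit_entry(grants):
    """Copy of `grants` with a dedicated entry that lets a tenant user change
    a cluster's min/max at run time without any right to edit the policy."""
    extended = {role: set(perms) for role, perms in grants.items()}
    extended["tenant-user"].add("/cluster/scale-limits")
    return extended
```

Keeping the min/max override as its own entry means a subscriber can be allowed to adjust a running cluster while `/policy/edit` stays denied for the same role.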
