On Fri, Jan 2, 2015 at 2:44 AM, Itamar Heim <ih...@redhat.com> wrote: > On 12/29/2014 06:13 PM, Tony James wrote: >> >> On Mon, Dec 29, 2014 at 5:26 AM, Itamar Heim <ih...@redhat.com> wrote: >>> >>> On 12/29/2014 09:25 AM, Nir Soffer wrote: >>>> >>>> >>>> ----- Original Message ----- >>>>> >>>>> >>>>> From: "Tony James" <t...@anthonyjames.org> >>>>> To: devel@ovirt.org >>>>> Sent: Monday, December 29, 2014 3:30:49 AM >>>>> Subject: [ovirt-devel] UI Plugin to Upload ISO Files >>>>> >>>>> This message is in response to an earlier thread regarding a UI plugin >>>>> to upload ISO files. Like the original poster, Lucas, I began work on >>>>> a UI plugin to allow uploading ISO files through a UI plugin. After >>>>> reading the previous thread I'm re-thinking the architecture. >>>>> >>>>> It was suggested that the recommended approach to upload files to a >>>>> storage domain is through the VDSM API [1]. I'm pretty familiar with >>>>> the oVirt REST API but have been unable to find documentation >>>>> regarding accessing the VDSM API. Should the VDSM API be accessible >>>>> by a UI plugin? If so, is there documentation available to do so? >>>>> >>>>> [1] http://lists.ovirt.org/pipermail/devel/2014-December/009497.html >>>> >>>> >>>> >>>> Basically you have to: >>>> 1. Use the vdsm xmlrpc/jsonrpc to create an image >>>> 2. Use the vdsm http api to upload the data to the image. This will >>>> create >>>> a task and return a task id. >>>> 3. Use the vdsm xmlrpc/jsonrpc api to check the task status, and clear >>>> the task when done >>>> >>>> The xmlrpc/jsonrpc api is documented here: >>>> >>>> >>>> http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm/rpc/vdsmapi-schema.json;h=1edcda86c8468b68c620eff4844b57ca30e44ea7;hb=HEAD >>>> >>>> You can check the code for upload here: >>>> >>>> >>>> http://gerrit.ovirt.org/gitweb?p=vdsm.git;a=blob;f=vdsm/rpc/BindingXMLRPC.py;h=759ed7845e63658a13c139684095bd56c03a29ac;hb=HEAD#l158 >>> >>> >>> >>> I assume the upload will be done via a servlet on the engine, not >>> directly >>> by the ui plugin accessing vdsm. >>> worth discussing your plans here, to make sure architecture/security are >>> correct. >>> >> >> I was planning on using a python CGI script which would accept the >> upload via POST from the UI plugin. The file would be stored in /tmp >> on the engine host. >> >> After the file was successfully uploaded, the CGI script would send a >> POST to a python HTTP server (BaseHTTPServer, also running on engine >> host) with the filename and storage domain information. This python >> script would then take care of mounting the storage domain and copying >> the file to the appropriate location. >> >> This was my initial approach, I plan on checking out the VDSM API as well. >> > > my preference would be to stream via a servlet to the vdsm api, rather than > "store and forward" to avoid potentially exhausting space on engine or > having to deal with two phased task tracking. > > the tricky part which requires a review is validating authentication and > authorization by the servlet - to make sure one has the permission to write > to a certain disk (for data domains) / iso domain. > this should be similar to the websocket novnc approach of validating user > has access to relevant VM (but Alon may correct me if its different) > > notice there is one caveat for iso domains to having vdsm do the upload vs. > the iso-uploader utility - it would require vdsm to have write permissions > to the iso nfs path. but it allows uploading disks/vm's as well to data > stores, which i think is worth having the same pattern for both.
Would it be sufficient to verify that the user has been given the StorageAdmin role before allowing an upload? _______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel