I tend to agree with Amila. These are real world requirements and I think
right approach is to control these high security features based on a
permission model.


On Mon, Aug 18, 2014 at 2:06 PM, Amila Maha Arachchi <ami...@wso2.com>
wrote:

> I dont agree. Following are my reasons:
>
> 1. At the moment only a tenant can subscribe to a service. This has to be
> done by signing in to the Stratos manager UI or invoking a rest API. But,
> Apache Stratos is a PaaS framework. So, if someone wants to setup a PaaS
> with Stratos, he should be able to provision services for tenants without
> the tenant needing to do it by themselves. For example, if I decide to
> setup something like AWS, I will create my own UI. In such an application,
> I would not want to expose terms such as tenants, subscription, topology
> etc. to the users and I might want to do it on behalf of them. At the
> moment, I cannot subscribe a tenant user to a service without knowing
> his/her credentials. Isn't this a valid requirement?
>
> 2. Also assume that I have the above mentioned AWS like application setup
> and running. There are users subscribed to services. Assume this to be a
> paid service and I want to terminate the subscription of users who has not
> paid the bill on time. Do I have way to do this?
>
> There are few other reasons such as the vendor having the control in a
> PaaS etc.
>
> WDYT?
>
> Regards,
> Amila.
>
>
> On Fri, Aug 15, 2014 at 7:00 PM, Imesh Gunaratne <im...@apache.org> wrote:
>
>> Hi,
>>
>> Yes what Pradeep has pointed out is true, this has been done by design.
>> Super tenant cannot perform operations in tenant space.
>>
>> Thanks
>>
>>
>> On Fri, Aug 15, 2014 at 8:05 AM, Pradeep Fernando <pradee...@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Adding to that, i sense something wrong with above requirement. tenant
>>> is the isolation unit we use. So other tenants (even the super tenant)
>>> should not play around with my tenant space. (after the initial tenant
>>> admin creation, super tenant work is done IIUC)
>>>
>>> Tenant admin can do the above operations i guess..
>>>
>>> just a thought.
>>>
>>> thanks.
>>>
>>>
>>> On Fri, Aug 15, 2014 at 4:19 AM, Isuru Haththotuwa <isu...@apache.org>
>>> wrote:
>>>
>>>> Hi Amila,
>>>>
>>>> Sorry for the delayed response. In the current implementation, this is
>>>> not supported.
>>>>
>>>>
>>>> On Wed, Aug 13, 2014 at 5:34 PM, Amila Maha Arachchi <ami...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Devs,
>>>>>
>>>>> AFAIU, at the moment when subscribe to a service (via the REST api),
>>>>> we need to provide the tenant user's credentials.
>>>>>
>>>>> Following is a sample rest call:
>>>>> curl -X POST -H "Content-Type: application/json" -d @subscribe.json -k
>>>>> -v -u username@tenantdomain:password
>>>>> https://sc.dev.com:9443/stratos/admin/cartridge/subscribe
>>>>>
>>>>>
>>>>> Following is a sample payload.
>>>>>
>>>>> {
>>>>>     "cartridgeType": "appserver",
>>>>>     "alias": "appservermyorg2",
>>>>>     "repoURL": "https://git.com/git/Development/as/1.git";,
>>>>>     "privateRepo": "true",
>>>>>     "repoUsername": "gituser",
>>>>>     "repoPassword": "xxxxxxxxx",
>>>>>     "commitsEnabled": "true",
>>>>>     "autoscalePolicy": "stratos_autoscale",
>>>>>     "deploymentPolicy": "stratos_deployment"
>>>>> }
>>>>>
>>>>> Can I subscribe a tenant on behalf of him/her by giving super admin
>>>>> credentials?
>>>>>
>>>>> Regards,
>>>>> Amila.
>>>>> --
>>>>>  *Amila Maharachchi*
>>>>> Senior Technical Lead
>>>>> WSO2, Inc.; http://wso2.com
>>>>>
>>>>> Blog: http://maharachchi.blogspot.com
>>>>> Mobile: +94719371446
>>>>>
>>>>> --
>>>>>  <%2B94719371446>
>>>>> Thanks and Regards,
>>>>>
>>>>> Isuru H.
>>>>> <%2B94719371446>
>>>>> +94 716 358 048 <%2B94719371446>* <http://wso2.com/>*
>>>>>
>>>>>
>>>>> * <http://wso2.com/>*
>>>>>
>>>>>
>>>>>
>>>
>>>
>>> --
>>> Pradeep Fernando.
>>> http://pradeepfernando.blogspot.com/
>>>
>>
>>
>>
>> --
>> Imesh Gunaratne
>>
>> Technical Lead, WSO2
>> Committer & PPMC Member, Apache Stratos
>>
>
>
>
> --
> *Amila Maharachchi*
> Senior Technical Lead
> WSO2, Inc.; http://wso2.com
>
> Blog: http://maharachchi.blogspot.com
> Mobile: +94719371446
>
>


-- 
Best Regards,
Nirmal

Nirmal Fernando.
PPMC Member & Committer of Apache Stratos,
Senior Software Engineer, WSO2 Inc.

Blog: http://nirmalfdo.blogspot.com/

Reply via email to