I tend to agree with Amila. These are real world requirements and I think right approach is to control these high security features based on a permission model.
On Mon, Aug 18, 2014 at 2:06 PM, Amila Maha Arachchi <ami...@wso2.com> wrote: > I dont agree. Following are my reasons: > > 1. At the moment only a tenant can subscribe to a service. This has to be > done by signing in to the Stratos manager UI or invoking a rest API. But, > Apache Stratos is a PaaS framework. So, if someone wants to setup a PaaS > with Stratos, he should be able to provision services for tenants without > the tenant needing to do it by themselves. For example, if I decide to > setup something like AWS, I will create my own UI. In such an application, > I would not want to expose terms such as tenants, subscription, topology > etc. to the users and I might want to do it on behalf of them. At the > moment, I cannot subscribe a tenant user to a service without knowing > his/her credentials. Isn't this a valid requirement? > > 2. Also assume that I have the above mentioned AWS like application setup > and running. There are users subscribed to services. Assume this to be a > paid service and I want to terminate the subscription of users who has not > paid the bill on time. Do I have way to do this? > > There are few other reasons such as the vendor having the control in a > PaaS etc. > > WDYT? > > Regards, > Amila. > > > On Fri, Aug 15, 2014 at 7:00 PM, Imesh Gunaratne <im...@apache.org> wrote: > >> Hi, >> >> Yes what Pradeep has pointed out is true, this has been done by design. >> Super tenant cannot perform operations in tenant space. >> >> Thanks >> >> >> On Fri, Aug 15, 2014 at 8:05 AM, Pradeep Fernando <pradee...@gmail.com> >> wrote: >> >>> Hi, >>> >>> Adding to that, i sense something wrong with above requirement. tenant >>> is the isolation unit we use. So other tenants (even the super tenant) >>> should not play around with my tenant space. (after the initial tenant >>> admin creation, super tenant work is done IIUC) >>> >>> Tenant admin can do the above operations i guess.. >>> >>> just a thought. >>> >>> thanks. >>> >>> >>> On Fri, Aug 15, 2014 at 4:19 AM, Isuru Haththotuwa <isu...@apache.org> >>> wrote: >>> >>>> Hi Amila, >>>> >>>> Sorry for the delayed response. In the current implementation, this is >>>> not supported. >>>> >>>> >>>> On Wed, Aug 13, 2014 at 5:34 PM, Amila Maha Arachchi <ami...@wso2.com> >>>> wrote: >>>> >>>>> Hi Devs, >>>>> >>>>> AFAIU, at the moment when subscribe to a service (via the REST api), >>>>> we need to provide the tenant user's credentials. >>>>> >>>>> Following is a sample rest call: >>>>> curl -X POST -H "Content-Type: application/json" -d @subscribe.json -k >>>>> -v -u username@tenantdomain:password >>>>> https://sc.dev.com:9443/stratos/admin/cartridge/subscribe >>>>> >>>>> >>>>> Following is a sample payload. >>>>> >>>>> { >>>>> "cartridgeType": "appserver", >>>>> "alias": "appservermyorg2", >>>>> "repoURL": "https://git.com/git/Development/as/1.git", >>>>> "privateRepo": "true", >>>>> "repoUsername": "gituser", >>>>> "repoPassword": "xxxxxxxxx", >>>>> "commitsEnabled": "true", >>>>> "autoscalePolicy": "stratos_autoscale", >>>>> "deploymentPolicy": "stratos_deployment" >>>>> } >>>>> >>>>> Can I subscribe a tenant on behalf of him/her by giving super admin >>>>> credentials? >>>>> >>>>> Regards, >>>>> Amila. >>>>> -- >>>>> *Amila Maharachchi* >>>>> Senior Technical Lead >>>>> WSO2, Inc.; http://wso2.com >>>>> >>>>> Blog: http://maharachchi.blogspot.com >>>>> Mobile: +94719371446 >>>>> >>>>> -- >>>>> <%2B94719371446> >>>>> Thanks and Regards, >>>>> >>>>> Isuru H. >>>>> <%2B94719371446> >>>>> +94 716 358 048 <%2B94719371446>* <http://wso2.com/>* >>>>> >>>>> >>>>> * <http://wso2.com/>* >>>>> >>>>> >>>>> >>> >>> >>> -- >>> Pradeep Fernando. >>> http://pradeepfernando.blogspot.com/ >>> >> >> >> >> -- >> Imesh Gunaratne >> >> Technical Lead, WSO2 >> Committer & PPMC Member, Apache Stratos >> > > > > -- > *Amila Maharachchi* > Senior Technical Lead > WSO2, Inc.; http://wso2.com > > Blog: http://maharachchi.blogspot.com > Mobile: +94719371446 > > -- Best Regards, Nirmal Nirmal Fernando. PPMC Member & Committer of Apache Stratos, Senior Software Engineer, WSO2 Inc. Blog: http://nirmalfdo.blogspot.com/