I concur. From: Nirmal Fernando [mailto:nirmal070...@gmail.com] Sent: Monday, August 18, 2014 4:42 AM To: dev Subject: Re: Is there a way for the super tenant to subscribe a tenant to a service (on behalf of the tenant user)
I tend to agree with Amila. These are real world requirements and I think right approach is to control these high security features based on a permission model. On Mon, Aug 18, 2014 at 2:06 PM, Amila Maha Arachchi <ami...@wso2.com<mailto:ami...@wso2.com>> wrote: I dont agree. Following are my reasons: 1. At the moment only a tenant can subscribe to a service. This has to be done by signing in to the Stratos manager UI or invoking a rest API. But, Apache Stratos is a PaaS framework. So, if someone wants to setup a PaaS with Stratos, he should be able to provision services for tenants without the tenant needing to do it by themselves. For example, if I decide to setup something like AWS, I will create my own UI. In such an application, I would not want to expose terms such as tenants, subscription, topology etc. to the users and I might want to do it on behalf of them. At the moment, I cannot subscribe a tenant user to a service without knowing his/her credentials. Isn't this a valid requirement? 2. Also assume that I have the above mentioned AWS like application setup and running. There are users subscribed to services. Assume this to be a paid service and I want to terminate the subscription of users who has not paid the bill on time. Do I have way to do this? There are few other reasons such as the vendor having the control in a PaaS etc. WDYT? Regards, Amila. On Fri, Aug 15, 2014 at 7:00 PM, Imesh Gunaratne <im...@apache.org<mailto:im...@apache.org>> wrote: Hi, Yes what Pradeep has pointed out is true, this has been done by design. Super tenant cannot perform operations in tenant space. Thanks On Fri, Aug 15, 2014 at 8:05 AM, Pradeep Fernando <pradee...@gmail.com<mailto:pradee...@gmail.com>> wrote: Hi, Adding to that, i sense something wrong with above requirement. tenant is the isolation unit we use. So other tenants (even the super tenant) should not play around with my tenant space. (after the initial tenant admin creation, super tenant work is done IIUC) Tenant admin can do the above operations i guess.. just a thought. thanks. On Fri, Aug 15, 2014 at 4:19 AM, Isuru Haththotuwa <isu...@apache.org<mailto:isu...@apache.org>> wrote: Hi Amila, Sorry for the delayed response. In the current implementation, this is not supported. On Wed, Aug 13, 2014 at 5:34 PM, Amila Maha Arachchi <ami...@wso2.com<mailto:ami...@wso2.com>> wrote: Hi Devs, AFAIU, at the moment when subscribe to a service (via the REST api), we need to provide the tenant user's credentials. Following is a sample rest call: curl -X POST -H "Content-Type: application/json" -d @subscribe.json -k -v -u username@tenantdomain:password https://sc.dev.com:9443/stratos/admin/cartridge/subscribe Following is a sample payload. { "cartridgeType": "appserver", "alias": "appservermyorg2", "repoURL": "https://git.com/git/Development/as/1.git", "privateRepo": "true", "repoUsername": "gituser", "repoPassword": "xxxxxxxxx", "commitsEnabled": "true", "autoscalePolicy": "stratos_autoscale", "deploymentPolicy": "stratos_deployment" } Can I subscribe a tenant on behalf of him/her by giving super admin credentials? Regards, Amila. -- Amila Maharachchi Senior Technical Lead WSO2, Inc.; http://wso2.com<http://wso2.com/> Blog: http://maharachchi.blogspot.com Mobile: +94719371446 -- <tel:%2B94719371446> <tel:%2B94719371446> Thanks and Regards, Isuru H. <tel:%2B94719371446> +94 716 358 048<tel:%2B94719371446> -- Pradeep Fernando. http://pradeepfernando.blogspot.com/ -- Imesh Gunaratne Technical Lead, WSO2 Committer & PPMC Member, Apache Stratos -- Amila Maharachchi Senior Technical Lead WSO2, Inc.; http://wso2.com<http://wso2.com/> Blog: http://maharachchi.blogspot.com Mobile: +94719371446<tel:%2B94719371446> -- Best Regards, Nirmal Nirmal Fernando. PPMC Member & Committer of Apache Stratos, Senior Software Engineer, WSO2 Inc. Blog: http://nirmalfdo.blogspot.com/