I concur.

From: Nirmal Fernando [mailto:nirmal070...@gmail.com]
Sent: Monday, August 18, 2014 4:42 AM
To: dev
Subject: Re: Is there a way for the super tenant to subscribe a tenant to a 
service (on behalf of the tenant user)

I tend to agree with Amila. These are real world requirements and I think right 
approach is to control these high security features based on a permission model.

On Mon, Aug 18, 2014 at 2:06 PM, Amila Maha Arachchi 
<ami...@wso2.com<mailto:ami...@wso2.com>> wrote:
I dont agree. Following are my reasons:

1. At the moment only a tenant can subscribe to a service. This has to be done 
by signing in to the Stratos manager UI or invoking a rest API. But, Apache 
Stratos is a PaaS framework. So, if someone wants to setup a PaaS with Stratos, 
he should be able to provision services for tenants without the tenant needing 
to do it by themselves. For example, if I decide to setup something like AWS, I 
will create my own UI. In such an application, I would not want to expose terms 
such as tenants, subscription, topology etc. to the users and I might want to 
do it on behalf of them. At the moment, I cannot subscribe a tenant user to a 
service without knowing his/her credentials. Isn't this a valid requirement?

2. Also assume that I have the above mentioned AWS like application setup and 
running. There are users subscribed to services. Assume this to be a paid 
service and I want to terminate the subscription of users who has not paid the 
bill on time. Do I have way to do this?

There are few other reasons such as the vendor having the control in a PaaS etc.

WDYT?

Regards,
Amila.

On Fri, Aug 15, 2014 at 7:00 PM, Imesh Gunaratne 
<im...@apache.org<mailto:im...@apache.org>> wrote:
Hi,

Yes what Pradeep has pointed out is true, this has been done by design. Super 
tenant cannot perform operations in tenant space.

Thanks

On Fri, Aug 15, 2014 at 8:05 AM, Pradeep Fernando 
<pradee...@gmail.com<mailto:pradee...@gmail.com>> wrote:
Hi,

Adding to that, i sense something wrong with above requirement. tenant is the 
isolation unit we use. So other tenants (even the super tenant) should not play 
around with my tenant space. (after the initial tenant admin creation, super 
tenant work is done IIUC)

Tenant admin can do the above operations i guess..

just a thought.

thanks.

On Fri, Aug 15, 2014 at 4:19 AM, Isuru Haththotuwa 
<isu...@apache.org<mailto:isu...@apache.org>> wrote:
Hi Amila,
Sorry for the delayed response. In the current implementation, this is not 
supported.

On Wed, Aug 13, 2014 at 5:34 PM, Amila Maha Arachchi 
<ami...@wso2.com<mailto:ami...@wso2.com>> wrote:
Hi Devs,

AFAIU, at the moment when subscribe to a service (via the REST api), we need to 
provide the tenant user's credentials.

Following is a sample rest call:
curl -X POST -H "Content-Type: application/json" -d @subscribe.json -k -v -u 
username@tenantdomain:password 
https://sc.dev.com:9443/stratos/admin/cartridge/subscribe


Following is a sample payload.

{
    "cartridgeType": "appserver",
    "alias": "appservermyorg2",
    "repoURL": "https://git.com/git/Development/as/1.git";,
    "privateRepo": "true",
    "repoUsername": "gituser",
    "repoPassword": "xxxxxxxxx",
    "commitsEnabled": "true",
    "autoscalePolicy": "stratos_autoscale",
    "deploymentPolicy": "stratos_deployment"
}

Can I subscribe a tenant on behalf of him/her by giving super admin credentials?

Regards,
Amila.
--
Amila Maharachchi
Senior Technical Lead
WSO2, Inc.; http://wso2.com<http://wso2.com/>

Blog: http://maharachchi.blogspot.com
Mobile: +94719371446

--
<tel:%2B94719371446>
<tel:%2B94719371446>
Thanks and Regards,

Isuru H.

<tel:%2B94719371446>

+94 716 358 048<tel:%2B94719371446>






--
Pradeep Fernando.
http://pradeepfernando.blogspot.com/



--
Imesh Gunaratne

Technical Lead, WSO2
Committer & PPMC Member, Apache Stratos



--
Amila Maharachchi
Senior Technical Lead
WSO2, Inc.; http://wso2.com<http://wso2.com/>

Blog: http://maharachchi.blogspot.com
Mobile: +94719371446<tel:%2B94719371446>



--
Best Regards,
Nirmal

Nirmal Fernando.
PPMC Member & Committer of Apache Stratos,
Senior Software Engineer, WSO2 Inc.

Blog: http://nirmalfdo.blogspot.com/

Reply via email to