Hi Dmitry, This is because underlying platform isolation is for tenant. App level isolation is something AF impose on top of it. I believe it is not worth the effort to redo the AF layer to special case templates, when we consider other high priority items.
thanks, dimuthu On Fri, Oct 3, 2014 at 9:35 AM, Dmitry Sotnikov <dmi...@wso2.com> wrote: > I see. But the template name still needs to be unique across the whole > tenant? Or only for the app key? > > If the uniqueness scope is App, why append the app key to the name? > > Dmitry > On Oct 2, 2014 7:36 PM, "Amalka Subasinghe" <ama...@wso2.com> wrote: > >> Hi Dimtry, >> >> According to the current implementation we can query the templates based >> on application key and the environment >> >> Thanks >> Amalka >> >> >> On Thu, Oct 2, 2014 at 10:05 PM, Dmitry Sotnikov <dmi...@wso2.com> wrote: >> >>> Thanks Amalka! >>> >>> Question on the templates: what is going to be the difference between >>> appkey1_admin@development and appkey2_admin@development? >>> >>> If no difference, why do we need multiple identical permission >>> templates? Why not just call it admin@development or even simply Admin? >>> >>> Dmitry >>> >>> On Thu, Oct 2, 2014 at 8:02 AM, Amalka Subasinghe <ama...@wso2.com> >>> wrote: >>> >>>> Finally I resolved all the issues as follows >>>> >>>> 1. create database named 'db001' -> create db : db001_wso2_com, dbuser >>>> : db001_xxxxx, template : appkey_admin@development >>>> 2. drop database -> remove the database only >>>> 3. create the database again naming 'db001' -> create the db: >>>> db001_wso2_com, dbuser : db00155_xxxxx, template : appkey_admin@development >>>> >>>> Here, new user will be created with the name db001NN_xxxxx (NN will be >>>> a random number in between 0-100) >>>> >>>> now a new template will not be created for each database creation. >>>> first time when we create the template system will create the admin >>>> template as 'appkey_admin@development', and then for the second >>>> database same 'appkey_admin@development' template will be attached. >>>> >>>> Now database and dbuser name allows to enter only 5 characters >>>> >>>> >>>> On Thu, Oct 2, 2014 at 10:47 AM, Amalka Subasinghe <ama...@wso2.com> >>>> wrote: >>>> >>>>> Red error message comes when we try to create the database. since it's >>>>> already deleted we can use the same name, but the problem here is we can't >>>>> create the dbuser with the same name. in that case, giving message name >>>>> has >>>>> already taken will not be matching >>>>> >>>>> On Thu, Oct 2, 2014 at 10:39 AM, Dmitry Sotnikov <dmi...@wso2.com> >>>>> wrote: >>>>> >>>>>> Dimuthu, thanks! >>>>>> >>>>>> Amalka, can we instead of the scary red error message, just instruct >>>>>> user to pick another name because this one has already been taken? >>>>>> >>>>>> Dmitry >>>>>> >>>>>> On Wed, Oct 1, 2014 at 8:46 PM, Dimuthu Leelarathne < >>>>>> dimut...@wso2.com> wrote: >>>>>> >>>>>>> Hi Dmitry, >>>>>>> >>>>>>> Please see my comments inline. >>>>>>> >>>>>>> On Wed, Oct 1, 2014 at 9:49 PM, Dmitry Sotnikov <dmi...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Amalka, >>>>>>>> >>>>>>>> Thanks! For your #1, what will happen when you get to the limit? >>>>>>>> Will database creation fail? Or is there code to handle it gracefully? >>>>>>>> How? >>>>>>>> >>>>>>>> For #2, default@Development sounds pretty meaningless. Is that >>>>>>>> all-powerful all-permission templates? Why not call it >>>>>>>> admin@Development? >>>>>>>> Other than that, if this prevents all these multiple identical >>>>>>>> permission >>>>>>>> templates from being created with each database - this would be a good >>>>>>>> thing! >>>>>>>> >>>>>>>> Ideally, in the future we also delete the temporary user accounts >>>>>>>> when databases are deleted or find another way to prevent the current >>>>>>>> proliferation of the temp accounts... >>>>>>>> >>>>>>> >>>>>>> Proliferation of user accounts - This is not possible due to a >>>>>>> limitation in SS API. There is no way to identify whether a user is >>>>>>> attached to more than one database, hence we cannot delete them upon >>>>>>> database deletion. I have already created a JIRA for SS guys. >>>>>>> >>>>>>> thanks, >>>>>>> dimuthu >>>>>>> >>>>>>> >>>>>>> >>>>>>>> Dmitry >>>>>>>> >>>>>>>> On Wed, Oct 1, 2014 at 7:09 AM, Amalka Subasinghe <ama...@wso2.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi All, >>>>>>>>> >>>>>>>>> *I fixed the add new database function as follows: (Issue 1)* >>>>>>>>> >>>>>>>>> 1. add new database first time 'db001' >>>>>>>>> System will create database: 'db001_wso2_com', dbuser: >>>>>>>>> 'db001_xxxxx'. >>>>>>>>> >>>>>>>>> 2. drop the database 'db001' >>>>>>>>> System will drop only the database; dbuser will be remain in the >>>>>>>>> system >>>>>>>>> >>>>>>>>> 3. add new database with the same name 'db001' >>>>>>>>> System will get the number of users who has the name starting with >>>>>>>>> 'db001'; this time ..it's 1. So system will create the new user as >>>>>>>>> 'db0011_xxxxx'. (appending 1 at the end of the database name) >>>>>>>>> >>>>>>>>> like wise every time when we create the new database with the same >>>>>>>>> name (after dropping) it will append the number of users (name >>>>>>>>> staring with >>>>>>>>> 'db001') exist in the system, for the dbuser name. >>>>>>>>> Please note, storage server allows only 7 characters for database >>>>>>>>> and dbuser names. So I had to limit the character length of database >>>>>>>>> and >>>>>>>>> dbuser to 5. Remaining 2 characters are for appending the number. >>>>>>>>> >>>>>>>>> >>>>>>>>> *Planning to fix the Issue 2 as follows* >>>>>>>>> >>>>>>>>> When we create new database each time it creates a new template. >>>>>>>>> My idea is to keep one default template 'default@Development' >>>>>>>>> with all the permission and attach that to the each database. >>>>>>>>> >>>>>>>>> - When user creates a new database, if the 'default@Development' >>>>>>>>> template exist; it will assign to the database, else system creates >>>>>>>>> default >>>>>>>>> template 'default@Development' and assign. >>>>>>>>> - If user want to give a different permission list, he/she has to >>>>>>>>> create a custom template and assign to the database >>>>>>>>> >>>>>>>>> Please share your thoughts on this >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> Amalka >>>>>>>>> >>>>>>>>> On Tue, Sep 30, 2014 at 11:54 PM, Dmitry Sotnikov <dmi...@wso2.com >>>>>>>>> > wrote: >>>>>>>>> >>>>>>>>>> Thanks Amalka! >>>>>>>>>> >>>>>>>>>> You have reproduced the issue correctly. >>>>>>>>>> >>>>>>>>>> Here's what I think would work: >>>>>>>>>> >>>>>>>>>> * This default mode that automatically associates a user account >>>>>>>>>> should always do so. Product behavior needs to be consistent. >>>>>>>>>> >>>>>>>>>> As far as I understand, the current behavior happens because of >>>>>>>>>> the account name clash and we have some sort of code that tries to >>>>>>>>>> generate >>>>>>>>>> the account, gets the clash and then neither generates the account >>>>>>>>>> nor >>>>>>>>>> associates the existing one (what does it do with the password? just >>>>>>>>>> ignores the new password?) >>>>>>>>>> >>>>>>>>>> Quick and easy fix, if you do not have time for more changes: >>>>>>>>>> 1. Fix this particular handling code, and in the event of name >>>>>>>>>> clash, add a number to the name to make it unique - so behavior is >>>>>>>>>> consistent. >>>>>>>>>> >>>>>>>>>> Suggested other/better/longer-term possible changes to make the >>>>>>>>>> behavior more intuitive (comments from everyone are welcome): >>>>>>>>>> 2. If I am deleting a database and it is the only one using a >>>>>>>>>> user account and permission template, delete the account and >>>>>>>>>> template as >>>>>>>>>> well (probably have the corresponding checkboxes on the confirmation >>>>>>>>>> window). >>>>>>>>>> >>>>>>>>>> Are you sure you want to permanently delete >>>>>>>>>> database TestDB65765 in Development? >>>>>>>>>> [X] Also, delete user account TestDB65765 associated with this >>>>>>>>>> database and its permission template >>>>>>>>>> >>>>>>>>>> [Cancel] [Delete] >>>>>>>>>> >>>>>>>>>> 3. Create a set of DB permission templates (e.g. Admin, >>>>>>>>>> View-Only) and have them available for user accounts: >>>>>>>>>> 3.a. By default assign Admin, >>>>>>>>>> 3.b. Give in the corresponding advanced screens ability to create >>>>>>>>>> custom permission templates - this needs to be explicit choice >>>>>>>>>> though, >>>>>>>>>> 3.c. Admin and View-Only templates cannot be edited. When user >>>>>>>>>> tries to edit it, he/she is asked to provide a new custom name. >>>>>>>>>> >>>>>>>>>> What do you all think? >>>>>>>>>> >>>>>>>>>> Dmitry >>>>>>>>>> >>>>>>>>>> On Tue, Sep 30, 2014 at 9:38 AM, Amalka Subasinghe < >>>>>>>>>> ama...@wso2.com> wrote: >>>>>>>>>> >>>>>>>>>>> Hi, >>>>>>>>>>> >>>>>>>>>>> Currently I'm working on the Jira [1]. Here we have two issues: >>>>>>>>>>> >>>>>>>>>>> *Issue 1:* >>>>>>>>>>> 1. create a database name "db001" -> this will create database, >>>>>>>>>>> dbuser and template >>>>>>>>>>> 2. click on the database and see database configuration -> under >>>>>>>>>>> the 'attached user' section shows dbuser >>>>>>>>>>> 3. delete the database >>>>>>>>>>> 4. again create the database with the same name "db001" >>>>>>>>>>> 5. click on the database and see database configuration >>>>>>>>>>> >>>>>>>>>>> Actual result : >>>>>>>>>>> a. No database user under 'attached user' section, >>>>>>>>>>> b. 'Attach new user' -> 'User name' drop down shows the user >>>>>>>>>>> which created previously. >>>>>>>>>>> c. 'Attach new user' -> 'Permission template drop down' section >>>>>>>>>>> shows the 2 templates with the same name 'db001@Development' >>>>>>>>>>> >>>>>>>>>>> What should be the expected result here? >>>>>>>>>>> 1. Are we allowing user to create the database with the same >>>>>>>>>>> name again? if so shall we attached the already exist dbuser and the >>>>>>>>>>> template to the database? >>>>>>>>>>> 2. I think we need to stop creating second template with the >>>>>>>>>>> same name 'db001@Development'. right? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> *Issue 2:* >>>>>>>>>>> In the Jira, it has asked to change the template names as >>>>>>>>>>> "Admin" or "Read-only" instead of 'db001@Development'. >>>>>>>>>>> Here, my concern is, when we create the database, template will >>>>>>>>>>> be automatically created with all the permission (So we can call it >>>>>>>>>>> as >>>>>>>>>>> 'Admin' template), but if the user change the permissions later, >>>>>>>>>>> then >>>>>>>>>>> calling the template as 'Admin' will not be matching. So, current >>>>>>>>>>> template >>>>>>>>>>> name is fine for me. WDYT? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> [1] https://wso2.org/jira/browse/APPFAC-2521 >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> Amalka >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Dmitry Sotnikov >>>>>>>>>> VP of Cloud; WSO2, Inc.; http://wso2.com/ >>>>>>>>>> email: dmi...@wso2.com; cell: +1.949.303.9653; Skype: DSotnikov >>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>> >>>>>>>>>> <http://wso2.com/events/> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> Amalka Subasinghe >>>>>>>>> >>>>>>>>> WSO2 Inc. >>>>>>>>> Mobile: +94 77 9401267 >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Dmitry Sotnikov >>>>>>>> VP of Cloud; WSO2, Inc.; http://wso2.com/ >>>>>>>> email: dmi...@wso2.com; cell: +1.949.303.9653; Skype: DSotnikov >>>>>>>> Lean . Enterprise . Middleware >>>>>>>> >>>>>>>> <http://wso2.com/events/> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Dimuthu Leelarathne >>>>>>> Architect & Product Lead of App Factory >>>>>>> >>>>>>> WSO2, Inc. (http://wso2.com) >>>>>>> email: dimut...@wso2.com >>>>>>> Mobile : 0773661935 >>>>>>> >>>>>>> Lean . Enterprise . Middleware >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Dmitry Sotnikov >>>>>> VP of Cloud; WSO2, Inc.; http://wso2.com/ >>>>>> email: dmi...@wso2.com; cell: +1.949.303.9653; Skype: DSotnikov >>>>>> Lean . Enterprise . Middleware >>>>>> >>>>>> <http://wso2.com/events/> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Amalka Subasinghe >>>>> >>>>> WSO2 Inc. >>>>> Mobile: +94 77 9401267 >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Amalka Subasinghe >>>> >>>> WSO2 Inc. >>>> Mobile: +94 77 9401267 >>>> >>> >>> >>> >>> -- >>> Dmitry Sotnikov >>> VP of Cloud; WSO2, Inc.; http://wso2.com/ >>> email: dmi...@wso2.com; cell: +1.949.303.9653; Skype: DSotnikov >>> Lean . Enterprise . Middleware >>> >>> <http://wso2.com/events/> >>> >> >> >> >> -- >> >> Amalka Subasinghe >> >> WSO2 Inc. >> Mobile: +94 77 9401267 >> > -- Dimuthu Leelarathne Architect & Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: dimut...@wso2.com Mobile : 0773661935 Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
