Re: Adding Huawei Object Storage: 3 questions

[Ronald Feicht <Ro...@scsynergy.com>]

Hi,


>> The Huawei Object Storage Java SDK does not yet support bucket
>> encryption. What should I return in the corresponding methods
>> "setBucketEncryption" and "deleteBucketEncryption" - true, false or
>> throw an exception?

> This is a design decision that the code should already be clear on (in
> for instance the minio plugin) . Strangely, the DeleteBucketCmd always
> creates a success response, while the CreateBucketCmd handles
> exceptions as expected. I think there is a bug in DeleteBucketCmd in
> that respect.


Actually, looking at the MinIO or simulator plugin, the design decision is not clear at all:

"setBucketEncryption" and "deleteBucketEncryption" both have a boolean as return value, but only ever return true or throw an exception, yet, never return false. So, it boils down to "Everything went well unless an exception is thrown." Normally in Java this kind of behavior is achieved by a "void" return value. Therefore I naturally wondered when my methods should return false. The intention behind the boolean might have been:

true -- the method set / deleted the bucket encryption, respectively

exception -- the method should have completed but some unforeseen out-of-the-ordinary error occurred, e. g. network connection error

false -- the device was purchased without a license for bucket-level encryption; unless a valid encryption license is installed into the device, this method will always continue to return false


> I gues your PR is https://github.com/apache/cloudstack/pull/8359. You
> can look at the ./deps/install-non-oss.sh or at

> https://github.com/shapeblue/cloudstack-nonoss/blob/main/install-non-oss.sh
> to see how these situations are handled. This method would require you
> to hide your sub-project behind the -Dnoredist flag. which is an
> inconvenience but is the only way to deal with those
> non-redistributables. If Huawei allows, we can add the jar in that
> repo.


It seems to me like this will not work, because an Object Storage Plugin has to be added to client/pom.xml and the provider's name into ui/src/views/infra/AddObjectStorage.vue? Hardcoding my plugin into those places would result in the client/pom.xml not building and my provider to be available in the UI's dropdown selection even though the corresponding plugin is not present on the classpath?


Or is there some dynamic dependency injection class scanning going on at runtime which detects all plugin provider beans at runtime and sends their ObjectStoreProvider instance variable "providerName" property to the UI to populate the dropdown selection? When a plugin is selected in the UI this would then trigger the client/pom.xml project to do a dynamic bean lookup to find the correct ObjectStoreProvider class by "providerName"? If this dynamic bean discovery is actually being done I would not have to add my project to client/pom.xml or into the "AddObjectStorage.vue" file? So, I guess dynamic bean discovery is NOT done?


I have next to no experience with the Spring (Boot) framework, only with Java SE / Jakarta EE and CDI / Weld, so maybe I just overlooked something very important in the code base, but from what information I was able to gather it seems like I should not be contributing my plugin upstream unless I can add the JAR library in question via Maven coordinates.


And judging from the fact that Huawei has still not answered my request to publish the OBS SDK with Maven coordinates, I assume that this is the "chinese way" of saying "Nope, not going to happen!".


Mit freundlichen Grüßen
R. Feicht

sc synergy GmbH
Hilgestrasse 14 | 55294 Bodenheim | Deutschland
Fon: +49 6135 71691 - 000 | Fax: +49 6135 71691 - 299
http://www.scsynergy.com | ronald.feicht@scsynergy.com
Sitz der Gesellschaft Bodenheim, HRB 8830, Amtsgericht Mainz, Geschäftsführer: Christian Reichert


________________________________
From: Daan Hoogland <da...@gmail.com>
Sent: Wednesday, January 31, 2024 10:49
To: dev@cloudstack.apache.org
Subject: Re: Adding Huawei Object Storage: 3 questions

Ronald,

On Wed, Jan 31, 2024 at 10:02 AM Ronald Feicht
<ro...@scsynergy.de> wrote:
>
> Hi,
>
> I have only lately found out, that I cannot use the publicly available
> Java SDK for Huawei Object Storage (which has Maven coordinates) as this
> SDK only works for the public Huawei Cloud, not for local non-cloud
> devices. Instead, all I have is a JAR file under the Apache License 2.0
> sent to me via email. I integrated that JAR file as a local repository
> inside plugins/storage/object/huawei-obs/local-huawei-sdk/. This is a
> quite ugly and frustrating "solution" as I have no influence on getting
> the right Java SDK published to maven central. I have opened a support
> ticket with Huawei asking whether I may include the JAR into the
> Cloudstack source code or better yet if they would be so kind as to
> publish it via maven central - but have not received an answer, yet.
> What is the official way for integrating local-only JAR files under the
> Apache License 2.0 into Cloudstack?

I gues your PR is https://github.com/apache/cloudstack/pull/8359. You
can look at the ./deps/install-non-oss.sh or at
https://github.com/shapeblue/cloudstack-nonoss/blob/main/install-non-oss.sh
to see how these situations are handled. This method would require you
to hide your sub-project behind the -Dnoredist flag. which is an
inconvenience but is the only way to deal with those
non-redistributables. If Huawei allows, we can add the jar in that
repo.

> The Huawei Object Storage Java SDK does not yet support bucket
> encryption. What should I return in the corresponding methods
> "setBucketEncryption" and "deleteBucketEncryption" - true, false or
> throw an exception?

This is a design decision that the code should already be clear on (in
for instance the minio plugin) . Strangely, the DeleteBucketCmd always
creates a success response, while the CreateBucketCmd handles
exceptions as expected. I think there is a bug in DeleteBucketCmd in
that respect.

> My assumption: The "createUser" method gets called via the UI by an
> account wishing to create a simple non-privileged user which may then
> use the created buckets of that account, but not create, modify or
> delete buckets themselves? Is this assumption correct?

Users log into accounts and get their rights based on the account. For
all users in an account the rights are the same.
sorry, I might not have gotten it but I no better answer on that (see
the code ;)

>
> Best regards,
> Ronald
> --
> *sc synergy GmbH*
> Hilgestrasse 14 | 55294 Bodenheim | Deutschland
> Fon: +49 6135 71691 - 000 | Fax: +49 6135 71691 - 299
> http://www.scsynergy.com | ronald.feicht@scsynergy.com
> Sitz der Gesellschaft Bodenheim, HRB 8830, Amtsgericht Mainz,
> Geschäftsführer: Christian Reichert



--
Daan

Re: Adding Huawei Object Storage: 3 questions

[Daan Hoogland <da...@gmail.com>]

On Fri, Feb 9, 2024 at 9:38 AM Ronald Feicht
<Ro...@scsynergy.com> wrote:
>
> Hi,
>
>
> >> The Huawei Object Storage Java SDK does not yet support bucket
> >> encryption. What should I return in the corresponding methods
> >> "setBucketEncryption" and "deleteBucketEncryption" - true, false or
> >> throw an exception?
>
> > This is a design decision that the code should already be clear on (in
> > for instance the minio plugin) . Strangely, the DeleteBucketCmd always
> > creates a success response, while the CreateBucketCmd handles
> > exceptions as expected. I think there is a bug in DeleteBucketCmd in
> > that respect.
>
>
> Actually, looking at the MinIO or simulator plugin, the design decision is not clear at all:
>
> "setBucketEncryption" and "deleteBucketEncryption" both have a boolean as return value, but only ever return true or throw an exception, yet, never return false. So, it boils down to "Everything went well unless an exception is thrown." Normally in Java this kind of behavior is achieved by a "void" return value. Therefore I naturally wondered when my methods should return false. The intention behind the boolean might have been:
>
> true -- the method set / deleted the bucket encryption, respectively
>
> exception -- the method should have completed but some unforeseen out-of-the-ordinary error occurred, e. g. network connection error
>
> false -- the device was purchased without a license for bucket-level encryption; unless a valid encryption license is installed into the device, this method will always continue to return false

That sounds reasonable to me. I think you should stick to it.

> > I gues your PR is https://github.com/apache/cloudstack/pull/8359. You
> > can look at the ./deps/install-non-oss.sh or at
>
> > https://github.com/shapeblue/cloudstack-nonoss/blob/main/install-non-oss.sh
> > to see how these situations are handled. This method would require you
> > to hide your sub-project behind the -Dnoredist flag. which is an
> > inconvenience but is the only way to deal with those
> > non-redistributables. If Huawei allows, we can add the jar in that
> > repo.
>
>
> It seems to me like this will not work, because an Object Storage Plugin has to be added to client/pom.xml and the provider's name into ui/src/views/infra/AddObjectStorage.vue? Hardcoding my plugin into those places would result in the client/pom.xml not building and my provider to be available in the UI's dropdown selection even though the corresponding plugin is not present on the classpath?

I know some other components are also conditionally coded in the UI,
like vmware. That should be taken care of.

> Or is there some dynamic dependency injection class scanning going on at runtime which detects all plugin provider beans at runtime and sends their ObjectStoreProvider instance variable "providerName" property to the UI to populate the dropdown selection? When a plugin is selected in the UI this would then trigger the client/pom.xml project to do a dynamic bean lookup to find the correct ObjectStoreProvider class by "providerName"? If this dynamic bean discovery is actually being done I would not have to add my project to client/pom.xml or into the "AddObjectStorage.vue" file? So, I guess dynamic bean discovery is NOT done?

I am not sure of all these question, but the client does
[listCapabilities](https://cloudstack.apache.org/api/apidocs-4.19/apis/listCapabilities.html)
and [listApis](https://cloudstack.apache.org/api/apidocs-4.19/apis/listApis.html)
calls to retrieve whatever information it needs to prepare the proper
UI components.  (I am not saying no design issues may have been
introduced in the object storage plugins)

> I have next to no experience with the Spring (Boot) framework, only with Java SE / Jakarta EE and CDI / Weld, so maybe I just overlooked something very important in the code base, but from what information I was able to gather it seems like I should not be contributing my plugin upstream unless I can add the JAR library in question via Maven coordinates.
>
>
> And judging from the fact that Huawei has still not answered my request to publish the OBS SDK with Maven coordinates, I assume that this is the "chinese way" of saying "Nope, not going to happen!".

sounds so :(

>
>
> Mit freundlichen Grüßen
> R. Feicht
>
> sc synergy GmbH
> Hilgestrasse 14 | 55294 Bodenheim | Deutschland
> Fon: +49 6135 71691 - 000 | Fax: +49 6135 71691 - 299
> http://www.scsynergy.com | ronald.feicht@scsynergy.com
> Sitz der Gesellschaft Bodenheim, HRB 8830, Amtsgericht Mainz, Geschäftsführer: Christian Reichert
>
>
> ________________________________
> From: Daan Hoogland <da...@gmail.com>
> Sent: Wednesday, January 31, 2024 10:49
> To: dev@cloudstack.apache.org
> Subject: Re: Adding Huawei Object Storage: 3 questions
>
> Ronald,
>
> On Wed, Jan 31, 2024 at 10:02 AM Ronald Feicht
> <ro...@scsynergy.de> wrote:
> >
> > Hi,
> >
> > I have only lately found out, that I cannot use the publicly available
> > Java SDK for Huawei Object Storage (which has Maven coordinates) as this
> > SDK only works for the public Huawei Cloud, not for local non-cloud
> > devices. Instead, all I have is a JAR file under the Apache License 2.0
> > sent to me via email. I integrated that JAR file as a local repository
> > inside plugins/storage/object/huawei-obs/local-huawei-sdk/. This is a
> > quite ugly and frustrating "solution" as I have no influence on getting
> > the right Java SDK published to maven central. I have opened a support
> > ticket with Huawei asking whether I may include the JAR into the
> > Cloudstack source code or better yet if they would be so kind as to
> > publish it via maven central - but have not received an answer, yet.
> > What is the official way for integrating local-only JAR files under the
> > Apache License 2.0 into Cloudstack?
>
> I gues your PR is https://github.com/apache/cloudstack/pull/8359. You
> can look at the ./deps/install-non-oss.sh or at
> https://github.com/shapeblue/cloudstack-nonoss/blob/main/install-non-oss.sh
> to see how these situations are handled. This method would require you
> to hide your sub-project behind the -Dnoredist flag. which is an
> inconvenience but is the only way to deal with those
> non-redistributables. If Huawei allows, we can add the jar in that
> repo.
>
> > The Huawei Object Storage Java SDK does not yet support bucket
> > encryption. What should I return in the corresponding methods
> > "setBucketEncryption" and "deleteBucketEncryption" - true, false or
> > throw an exception?
>
> This is a design decision that the code should already be clear on (in
> for instance the minio plugin) . Strangely, the DeleteBucketCmd always
> creates a success response, while the CreateBucketCmd handles
> exceptions as expected. I think there is a bug in DeleteBucketCmd in
> that respect.
>
> > My assumption: The "createUser" method gets called via the UI by an
> > account wishing to create a simple non-privileged user which may then
> > use the created buckets of that account, but not create, modify or
> > delete buckets themselves? Is this assumption correct?
>
> Users log into accounts and get their rights based on the account. For
> all users in an account the rights are the same.
> sorry, I might not have gotten it but I no better answer on that (see
> the code ;)
>
> >
> > Best regards,
> > Ronald
> > --
> > *sc synergy GmbH*
> > Hilgestrasse 14 | 55294 Bodenheim | Deutschland
> > Fon: +49 6135 71691 - 000 | Fax: +49 6135 71691 - 299
> > http://www.scsynergy.com | ronald.feicht@scsynergy.com
> > Sitz der Gesellschaft Bodenheim, HRB 8830, Amtsgericht Mainz,
> > Geschäftsführer: Christian Reichert
>
>
>
> --
> Daan
>


-- 
Daan