You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Jessica Wang <Je...@citrix.com> on 2013/10/09 02:10:27 UTC
questions about registerIso API and updateIsoPermissions API
Hi,
I have questions about registerIso API and updateIsoPermissions API.
(1) A normal user is allowed to specify isextractable property when registering an ISO (through registerIso API),
but NOT allowed to update isextractable property when updating an ISO (through updateIsoPermissions API).
Is this by design or it's just an API bug?
(2) A normal user is NOT allowed to specify isfeatured property when registering an ISO (through registerIso API),
but allowed to update isfeatured property when updating an ISO (through updateIsoPermissions API)?
Is this by design or it's just an API bug?
Jessica
RE: questions about registerIso API and updateIsoPermissions API
Posted by Jessica Wang <Je...@citrix.com>.
Thanks, Nitin.
I just filed an API bug for this:
https://issues.apache.org/jira/i#browse/CLOUDSTACK-4843
From: Nitin Mehta
Sent: Wednesday, October 09, 2013 2:08 PM
To: Jessica Wang; <de...@cloudstack.apache.org>; Alena Prokharchyk
Cc: Shweta Agarwal
Subject: Re: questions about registerIso API and updateIsoPermissions API
I think (1) is the right way to go.
From: Jessica Wang <Je...@citrix.com>>
Date: Wednesday 9 October 2013 12:47 PM
To: Nitin Mehta <ni...@citrix.com>>, "<de...@cloudstack.apache.org>>" <de...@cloudstack.apache.org>>, Alena Prokharchyk <Al...@citrix.com>>
Cc: Shweta Agarwal <Sh...@citrix.com>>
Subject: RE: questions about registerIso API and updateIsoPermissions API
Currently, at API level, a normal user is not allowed to specify "isfeatured" when registering ISO (API will ignore "isfeatured" parameter when a normal user passes it),
but a normal user is allowed to specify "isfeatured" when updating ISO.
Should we fix API to:
(1) allow a normal user to specify "isfeatured" when registering ISO (API won't ignore "isfeatured" parameter when a normal user passes it)
OR
(2) disallow a normal user to specify "isfeatured" when updating ISO
?
p.s. I'll do corresponding UI change after API is fixed.
From: Jessica Wang
Sent: Wednesday, October 09, 2013 11:01 AM
To: Nitin Mehta; <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk; Shweta Agarwal
Subject: RE: questions about registerIso API and updateIsoPermissions API
Nitin,
> At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
Thanks.
> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
That only works for admin, but NOT normal user.
If you log in as a normal user, then pass "isfeatured=true" to registerIso API, API will ignore it.
The newly registered template will have "isfeatured: false".
e.g.
http://10.215.3.26:8080/client/api?command=registerIso&response=json&sessionkey=u%2FVIHPJuPohidGKFd0lh6csG%2BfM%3D&name=normalUserIso1&displayText=normalUserIso1&url=http%3A%2F%2F10.223.110.231%2Fisos_64bit%2Fdummy.iso&zoneid=6bcd3bd9-591c-4d99-a164-d05b87df1b04&isfeatured=true&isextractable=false&bootable=true&osTypeId=b8cbfd6c-2d40-11e3-86aa-3c970e739c3e&ispublic=false&_=1381340961641
{
"registerisoresponse": {
"count": 1,
"iso": [
{
"id": "9b903876-f17c-4634-8463-8e3025259956",
"name": "normalUserIso1",
"displaytext": "normalUserIso1",
"ispublic": false,
"created": "2013-10-09T10:52:38-0700",
"isready": false,
"bootable": true,
"isfeatured": false,
"crossZones": false,
"ostypeid": "b8cbfd6c-2d40-11e3-86aa-3c970e739c3e",
"ostypename": "Apple Mac OS X 10.6 (32-bit)",
"account": "aaa_user",
"zoneid": "6bcd3bd9-591c-4d99-a164-d05b87df1b04",
"zonename": "jw-adv",
"status": "",
"domain": "aaa",
"domainid": "47b09d73-84ef-48dc-9b73-1720bad600cb",
"isextractable": false,
"tags": []
}
]
}
}
Jessica
From: Nitin Mehta
Sent: Tuesday, October 08, 2013 5:27 PM
To: Jessica Wang; <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk; Shweta Agarwal
Subject: Re: questions about registerIso API and updateIsoPermissions API
Answers inline.
From: Jessica Wang <Je...@citrix.com>>
Date: Tuesday 8 October 2013 5:10 PM
To: "<de...@cloudstack.apache.org>>" <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk <Al...@citrix.com>>, Nitin Mehta <ni...@citrix.com>>, Shweta Agarwal <Sh...@citrix.com>>
Subject: questions about registerIso API and updateIsoPermissions API
Hi,
I have questions about registerIso API and updateIsoPermissions API.
(1) A normal user is allowed to specify isextractable property when registering an ISO (through registerIso API),
but NOT allowed to update isextractable property when updating an ISO (through updateIsoPermissions API).
Is this by design or it's just an API bug?
Nitin>> This is a grey area. This was done for templates (Isos just inherited it) because derived templates may or may not belong to the same user and we want to follow the principle of least privilege.
At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
(2) A normal user is NOT allowed to specify isfeatured property when registering an ISO (through registerIso API),
but allowed to update isfeatured property when updating an ISO (through updateIsoPermissions API)?
Is this by design or it's just an API bug?
Nitin>> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
Jessica
Re: questions about registerIso API and updateIsoPermissions API
Posted by Nitin Mehta <Ni...@citrix.com>.
I think (1) is the right way to go.
From: Jessica Wang <Je...@citrix.com>>
Date: Wednesday 9 October 2013 12:47 PM
To: Nitin Mehta <ni...@citrix.com>>, "<de...@cloudstack.apache.org>>" <de...@cloudstack.apache.org>>, Alena Prokharchyk <Al...@citrix.com>>
Cc: Shweta Agarwal <Sh...@citrix.com>>
Subject: RE: questions about registerIso API and updateIsoPermissions API
Currently, at API level, a normal user is not allowed to specify “isfeatured” when registering ISO (API will ignore “isfeatured” parameter when a normal user passes it),
but a normal user is allowed to specify “isfeatured” when updating ISO.
Should we fix API to:
(1) allow a normal user to specify “isfeatured” when registering ISO (API won’t ignore “isfeatured” parameter when a normal user passes it)
OR
(2) disallow a normal user to specify “isfeatured” when updating ISO
?
p.s. I’ll do corresponding UI change after API is fixed.
From: Jessica Wang
Sent: Wednesday, October 09, 2013 11:01 AM
To: Nitin Mehta; <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk; Shweta Agarwal
Subject: RE: questions about registerIso API and updateIsoPermissions API
Nitin,
> At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
Thanks.
> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
That only works for admin, but NOT normal user.
If you log in as a normal user, then pass “isfeatured=true” to registerIso API, API will ignore it.
The newly registered template will have “isfeatured: false”.
e.g.
http://10.215.3.26:8080/client/api?command=registerIso&response=json&sessionkey=u%2FVIHPJuPohidGKFd0lh6csG%2BfM%3D&name=normalUserIso1&displayText=normalUserIso1&url=http%3A%2F%2F10.223.110.231%2Fisos_64bit%2Fdummy.iso&zoneid=6bcd3bd9-591c-4d99-a164-d05b87df1b04&isfeatured=true&isextractable=false&bootable=true&osTypeId=b8cbfd6c-2d40-11e3-86aa-3c970e739c3e&ispublic=false&_=1381340961641
{
"registerisoresponse": {
"count": 1,
"iso": [
{
"id": "9b903876-f17c-4634-8463-8e3025259956",
"name": "normalUserIso1",
"displaytext": "normalUserIso1",
"ispublic": false,
"created": "2013-10-09T10:52:38-0700",
"isready": false,
"bootable": true,
"isfeatured": false,
"crossZones": false,
"ostypeid": "b8cbfd6c-2d40-11e3-86aa-3c970e739c3e",
"ostypename": "Apple Mac OS X 10.6 (32-bit)",
"account": "aaa_user",
"zoneid": "6bcd3bd9-591c-4d99-a164-d05b87df1b04",
"zonename": "jw-adv",
"status": "",
"domain": "aaa",
"domainid": "47b09d73-84ef-48dc-9b73-1720bad600cb",
"isextractable": false,
"tags": []
}
]
}
}
Jessica
From: Nitin Mehta
Sent: Tuesday, October 08, 2013 5:27 PM
To: Jessica Wang; <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk; Shweta Agarwal
Subject: Re: questions about registerIso API and updateIsoPermissions API
Answers inline.
From: Jessica Wang <Je...@citrix.com>>
Date: Tuesday 8 October 2013 5:10 PM
To: "<de...@cloudstack.apache.org>>" <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk <Al...@citrix.com>>, Nitin Mehta <ni...@citrix.com>>, Shweta Agarwal <Sh...@citrix.com>>
Subject: questions about registerIso API and updateIsoPermissions API
Hi,
I have questions about registerIso API and updateIsoPermissions API.
(1) A normal user is allowed to specify isextractable property when registering an ISO (through registerIso API),
but NOT allowed to update isextractable property when updating an ISO (through updateIsoPermissions API).
Is this by design or it's just an API bug?
Nitin>> This is a grey area. This was done for templates (Isos just inherited it) because derived templates may or may not belong to the same user and we want to follow the principle of least privilege.
At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
(2) A normal user is NOT allowed to specify isfeatured property when registering an ISO (through registerIso API),
but allowed to update isfeatured property when updating an ISO (through updateIsoPermissions API)?
Is this by design or it's just an API bug?
Nitin>> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
Jessica
RE: questions about registerIso API and updateIsoPermissions API
Posted by Jessica Wang <Je...@citrix.com>.
Currently, at API level, a normal user is not allowed to specify "isfeatured" when registering ISO (API will ignore "isfeatured" parameter when a normal user passes it),
but a normal user is allowed to specify "isfeatured" when updating ISO.
Should we fix API to:
(1) allow a normal user to specify "isfeatured" when registering ISO (API won't ignore "isfeatured" parameter when a normal user passes it)
OR
(2) disallow a normal user to specify "isfeatured" when updating ISO
?
p.s. I'll do corresponding UI change after API is fixed.
From: Jessica Wang
Sent: Wednesday, October 09, 2013 11:01 AM
To: Nitin Mehta; <de...@cloudstack.apache.org>
Cc: Alena Prokharchyk; Shweta Agarwal
Subject: RE: questions about registerIso API and updateIsoPermissions API
Nitin,
> At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
Thanks.
> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
That only works for admin, but NOT normal user.
If you log in as a normal user, then pass "isfeatured=true" to registerIso API, API will ignore it.
The newly registered template will have "isfeatured: false".
e.g.
http://10.215.3.26:8080/client/api?command=registerIso&response=json&sessionkey=u%2FVIHPJuPohidGKFd0lh6csG%2BfM%3D&name=normalUserIso1&displayText=normalUserIso1&url=http%3A%2F%2F10.223.110.231%2Fisos_64bit%2Fdummy.iso&zoneid=6bcd3bd9-591c-4d99-a164-d05b87df1b04&isfeatured=true&isextractable=false&bootable=true&osTypeId=b8cbfd6c-2d40-11e3-86aa-3c970e739c3e&ispublic=false&_=1381340961641
{
"registerisoresponse": {
"count": 1,
"iso": [
{
"id": "9b903876-f17c-4634-8463-8e3025259956",
"name": "normalUserIso1",
"displaytext": "normalUserIso1",
"ispublic": false,
"created": "2013-10-09T10:52:38-0700",
"isready": false,
"bootable": true,
"isfeatured": false,
"crossZones": false,
"ostypeid": "b8cbfd6c-2d40-11e3-86aa-3c970e739c3e",
"ostypename": "Apple Mac OS X 10.6 (32-bit)",
"account": "aaa_user",
"zoneid": "6bcd3bd9-591c-4d99-a164-d05b87df1b04",
"zonename": "jw-adv",
"status": "",
"domain": "aaa",
"domainid": "47b09d73-84ef-48dc-9b73-1720bad600cb",
"isextractable": false,
"tags": []
}
]
}
}
Jessica
From: Nitin Mehta
Sent: Tuesday, October 08, 2013 5:27 PM
To: Jessica Wang; <de...@cloudstack.apache.org>
Cc: Alena Prokharchyk; Shweta Agarwal
Subject: Re: questions about registerIso API and updateIsoPermissions API
Answers inline.
From: Jessica Wang <Je...@citrix.com>>
Date: Tuesday 8 October 2013 5:10 PM
To: "<de...@cloudstack.apache.org>>" <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk <Al...@citrix.com>>, Nitin Mehta <ni...@citrix.com>>, Shweta Agarwal <Sh...@citrix.com>>
Subject: questions about registerIso API and updateIsoPermissions API
Hi,
I have questions about registerIso API and updateIsoPermissions API.
(1) A normal user is allowed to specify isextractable property when registering an ISO (through registerIso API),
but NOT allowed to update isextractable property when updating an ISO (through updateIsoPermissions API).
Is this by design or it's just an API bug?
Nitin>> This is a grey area. This was done for templates (Isos just inherited it) because derived templates may or may not belong to the same user and we want to follow the principle of least privilege.
At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
(2) A normal user is NOT allowed to specify isfeatured property when registering an ISO (through registerIso API),
but allowed to update isfeatured property when updating an ISO (through updateIsoPermissions API)?
Is this by design or it's just an API bug?
Nitin>> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
Jessica
RE: questions about registerIso API and updateIsoPermissions API
Posted by Jessica Wang <Je...@citrix.com>.
Nitin,
> At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
Thanks.
> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
That only works for admin, but NOT normal user.
If you log in as a normal user, then pass "isfeatured=true" to registerIso API, API will ignore it.
The newly registered template will have "isfeatured: false".
e.g.
http://10.215.3.26:8080/client/api?command=registerIso&response=json&sessionkey=u%2FVIHPJuPohidGKFd0lh6csG%2BfM%3D&name=normalUserIso1&displayText=normalUserIso1&url=http%3A%2F%2F10.223.110.231%2Fisos_64bit%2Fdummy.iso&zoneid=6bcd3bd9-591c-4d99-a164-d05b87df1b04&isfeatured=true&isextractable=false&bootable=true&osTypeId=b8cbfd6c-2d40-11e3-86aa-3c970e739c3e&ispublic=false&_=1381340961641
{
"registerisoresponse": {
"count": 1,
"iso": [
{
"id": "9b903876-f17c-4634-8463-8e3025259956",
"name": "normalUserIso1",
"displaytext": "normalUserIso1",
"ispublic": false,
"created": "2013-10-09T10:52:38-0700",
"isready": false,
"bootable": true,
"isfeatured": false,
"crossZones": false,
"ostypeid": "b8cbfd6c-2d40-11e3-86aa-3c970e739c3e",
"ostypename": "Apple Mac OS X 10.6 (32-bit)",
"account": "aaa_user",
"zoneid": "6bcd3bd9-591c-4d99-a164-d05b87df1b04",
"zonename": "jw-adv",
"status": "",
"domain": "aaa",
"domainid": "47b09d73-84ef-48dc-9b73-1720bad600cb",
"isextractable": false,
"tags": []
}
]
}
}
Jessica
From: Nitin Mehta
Sent: Tuesday, October 08, 2013 5:27 PM
To: Jessica Wang; <de...@cloudstack.apache.org>
Cc: Alena Prokharchyk; Shweta Agarwal
Subject: Re: questions about registerIso API and updateIsoPermissions API
Answers inline.
From: Jessica Wang <Je...@citrix.com>>
Date: Tuesday 8 October 2013 5:10 PM
To: "<de...@cloudstack.apache.org>>" <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk <Al...@citrix.com>>, Nitin Mehta <ni...@citrix.com>>, Shweta Agarwal <Sh...@citrix.com>>
Subject: questions about registerIso API and updateIsoPermissions API
Hi,
I have questions about registerIso API and updateIsoPermissions API.
(1) A normal user is allowed to specify isextractable property when registering an ISO (through registerIso API),
but NOT allowed to update isextractable property when updating an ISO (through updateIsoPermissions API).
Is this by design or it's just an API bug?
Nitin>> This is a grey area. This was done for templates (Isos just inherited it) because derived templates may or may not belong to the same user and we want to follow the principle of least privilege.
At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
(2) A normal user is NOT allowed to specify isfeatured property when registering an ISO (through registerIso API),
but allowed to update isfeatured property when updating an ISO (through updateIsoPermissions API)?
Is this by design or it's just an API bug?
Nitin>> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
Jessica
RE: questions about registerIso API and updateIsoPermissions API
Posted by Jessica Wang <Je...@citrix.com>.
Alena,
> Jessica, did you mean updateIso? As updateIsoPermissions updates permissions only.
Alena, I meant UpdateIsoPermissions API, not updateIso API.
If you check Java file, it's UpdateIsoPermissionsCmd.java that extends BaseUpdateTemplateOrIsoPermissionsCmd.java which takes in isextractable parameter.
> Answering your question - if user can specify the flag when registering the template, he should be allowed to update it.
Thanks.
> Again, should be updateIso.
should be updateIsoPermissions
> its a bug if he can update the flag on existing object, but can't create the object with this flag by default.
Thanks
Jessica
-----Original Message-----
From: Alena Prokharchyk
Sent: Tuesday, October 08, 2013 5:21 PM
To: Jessica Wang; <de...@cloudstack.apache.org>
Cc: Nitin Mehta; Shweta Agarwal
Subject: Re: questions about registerIso API and updateIsoPermissions API
On 10/8/13 5:10 PM, "Jessica Wang" <Je...@citrix.com> wrote:
>Hi,
>
>I have questions about registerIso API and updateIsoPermissions API.
>
>(1) A normal user is allowed to specify isextractable property when
>registering an ISO (through registerIso API),
>
>but NOT allowed to update isextractable property when updating an ISO
>(through updateIsoPermissions API).
>Is this by design or it's just an API bug?
Jessica, did you mean updateIso? As UpdateIsoPermissions updates
permissions only.
Answering your question - if user can specify the flag when registering
the template, he should be allowed to update it.
>
>(2) A normal user is NOT allowed to specify isfeatured property when
>registering an ISO (through registerIso API),
>
>but allowed to update isfeatured property when updating an ISO (through
>updateIsoPermissions API)?
>Is this by design or it's just an API bug?
Again, should be updateIso. And yes, its a bug if he can update the flag
on existing object, but can't create the object with this flag by default.
>
>Jessica
>
>
Re: questions about registerIso API and updateIsoPermissions API
Posted by Nitin Mehta <Ni...@citrix.com>.
Answers inline.
From: Jessica Wang <Je...@citrix.com>>
Date: Tuesday 8 October 2013 5:10 PM
To: "<de...@cloudstack.apache.org>>" <de...@cloudstack.apache.org>>
Cc: Alena Prokharchyk <Al...@citrix.com>>, Nitin Mehta <ni...@citrix.com>>, Shweta Agarwal <Sh...@citrix.com>>
Subject: questions about registerIso API and updateIsoPermissions API
Hi,
I have questions about registerIso API and updateIsoPermissions API.
(1) A normal user is allowed to specify isextractable property when registering an ISO (through registerIso API),
but NOT allowed to update isextractable property when updating an ISO (through updateIsoPermissions API).
Is this by design or it's just an API bug?
Nitin>> This is a grey area. This was done for templates (Isos just inherited it) because derived templates may or may not belong to the same user and we want to follow the principle of least privilege.
At the moment, I think that for Isos we should allow to edit it so would call it an API bug.
(2) A normal user is NOT allowed to specify isfeatured property when registering an ISO (through registerIso API),
but allowed to update isfeatured property when updating an ISO (through updateIsoPermissions API)?
Is this by design or it's just an API bug?
Nitin>> Register Iso does provide an option to mark an ISO featured. I see that in the latest master.
Jessica
Re: questions about registerIso API and updateIsoPermissions API
Posted by Alena Prokharchyk <Al...@citrix.com>.
On 10/8/13 5:10 PM, "Jessica Wang" <Je...@citrix.com> wrote:
>Hi,
>
>I have questions about registerIso API and updateIsoPermissions API.
>
>(1) A normal user is allowed to specify isextractable property when
>registering an ISO (through registerIso API),
>
>but NOT allowed to update isextractable property when updating an ISO
>(through updateIsoPermissions API).
>Is this by design or it's just an API bug?
Jessica, did you mean updateIso? As UpdateIsoPermissions updates
permissions only.
Answering your question - if user can specify the flag when registering
the template, he should be allowed to update it.
>
>(2) A normal user is NOT allowed to specify isfeatured property when
>registering an ISO (through registerIso API),
>
>but allowed to update isfeatured property when updating an ISO (through
>updateIsoPermissions API)?
>Is this by design or it's just an API bug?
Again, should be updateIso. And yes, its a bug if he can update the flag
on existing object, but can't create the object with this flag by default.
>
>Jessica
>
>