Posted to users@cloudstack.apache.org by Rohit Yadav <ro...@shapeblue.com> on 2020/02/19 08:41:37 UTC

[DISCUSS] Honouring listall=true in API calls to include project resources

All,

Many list APIs, such as the listRouters API, accept a `listall` parameter as well as a `projectid` parameter. Currently, on calling a list API with listall=true and projectid=-1 it only returns resources belonging to all projects, the listall=true parameter is effectively ignored.

We've come up with a PR that fixes the list APIs (mainly for Primate) to return all the resources including project when both listall=true and projectid=-1 are passed, by a non-normal user (i.e. the admin and domain-admin user):

https://github.com/apache/cloudstack/pull/3894/files (the PR also fixed incorrect use in old UI)


This will fix the multiple-api calling hack and Primate would be able to say list all routers in Infra->Routers with a single API call.

In current UI, for example, to see all the routers under Infra -> Routers, two API calls are made with and without projectid=-1. The code in fact ignores the listall=true when projectid=-1 is used.


However, this may break "soft" compatibility when both listall=true&projectid=-1 are passed for some list APIs, as:

  *   Old behaviour: will only return resources belonging to a project, only to admin and domain admin
  *   New behaviour: will return all resources including project resources, only to admin and domain admin
  *   Additional notes: normal user (not an admin, or a domain admin etc) will not be affected

The listall parameter is documented as "if set to true - list resources that the caller is authorized to see", PR intends to fix this behaviour bug.

As far as I can tell the projectid=-1 is only used in the current UI, any users, dev want to share their concerns, thoughts?

Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

rohit.yadav@shapeblue.com 
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue
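
The scoping change described in the message above, as an added example that is not part of the original thread and is not CloudStack code: a toy Python model of the old and new handling of listall=true with projectid=-1, showing which router ids become newly visible per role and what happens to a client that still merges two calls. The `Router`/`Caller` types, the role rules in `authorized`, and the inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product
from typing import Optional

ALL_PROJECTS = -1  # the projectid=-1 value discussed in the thread


@dataclass(frozen=True)
class Router:
    id: str
    domain: str
    account: Optional[str] = None   # owning account, None if project-owned
    project: Optional[str] = None   # owning project, None if account-owned


@dataclass(frozen=True)
class Caller:
    role: str                       # "admin", "domain-admin" or "user"
    domain: str
    account: str
    projects: frozenset = frozenset()  # projects the caller is a member of


# Constructed inventory: three account-owned and two project-owned routers.
ROUTERS = [
    Router("r-1", "ROOT/a", account="alice"),
    Router("r-2", "ROOT/a", account="bob"),
    Router("r-3", "ROOT/a", project="p-web"),
    Router("r-4", "ROOT/b", account="carol"),
    Router("r-5", "ROOT/b", project="p-db"),
]

ADMIN = Caller("admin", "ROOT", "admin")
DOMAIN_ADMIN = Caller("domain-admin", "ROOT/a", "da")
ALICE = Caller("user", "ROOT/a", "alice", frozenset({"p-web"}))


def authorized(caller, router):
    """Upper bound on what a caller may see (assumed, simplified role model)."""
    if caller.role == "admin":
        return True
    if caller.role == "domain-admin":
        return router.domain == caller.domain
    if router.project is not None:
        return router.project in caller.projects
    return router.account == caller.account


def list_routers(caller, listall=False, projectid=None, behaviour="new"):
    """Return router ids for one call under the 'old' or 'new' behaviour."""
    visible = [r for r in ROUTERS if authorized(caller, r)]
    if projectid == ALL_PROJECTS:
        # Old: listall is ignored, only project resources come back.
        # New: admin and domain admin also get account-owned resources.
        widen = behaviour == "new" and listall and caller.role != "user"
        return [r.id for r in visible if widen or r.project is not None]
    if listall:
        return [r.id for r in visible if r.project is None]
    return [r.id for r in visible if r.account == caller.account]


def newly_visible(caller):
    """Ids returned by listall=true&projectid=-1 only after the change."""
    old = list_routers(caller, True, ALL_PROJECTS, "old")
    new = list_routers(caller, True, ALL_PROJECTS, "new")
    return sorted(set(new) - set(old))


def two_call_merge(caller, behaviour):
    """Client that calls with and without projectid=-1, then concatenates.

    Returns (raw concatenation, de-duplicated ids). Under the new behaviour
    the raw list contains repeats, so such clients must de-duplicate by id.
    """
    without = list_routers(caller, True, None, behaviour)
    with_all = list_routers(caller, True, ALL_PROJECTS, behaviour)
    raw = without + with_all
    return raw, sorted(set(raw))


def never_exceeds_authorization():
    """Regression check: no parameter combination leaks past `authorized`."""
    by_id = {r.id: r for r in ROUTERS}
    combos = product((ADMIN, DOMAIN_ADMIN, ALICE), (False, True),
                     (None, ALL_PROJECTS), ("old", "new"))
    return all(authorized(c, by_id[i])
               for c, la, pid, b in combos
               for i in list_routers(c, la, pid, b))


if __name__ == "__main__":
    for who in (ADMIN, DOMAIN_ADMIN, ALICE):
        print(who.role, "newly visible:", newly_visible(who))
    print("two-call client, new behaviour:", two_call_merge(ADMIN, "new"))
    print("within authorization:", never_exceeds_authorization())
```
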
  
 


Re: [DISCUSS] Honouring listall=true in API calls to include project resources

Posted by Ivan Kudryavtsev <iv...@bw-sw.com>.
This is a nice improvement.

Wed, 19 Feb 2020, 15:41 Rohit Yadav <ro...@shapeblue.com>:

> All,
>
> Many list APIs, such as the listRouters API, accept a `listall` parameter
> as well as a `projectid` parameter. Currently, on calling a list API with
> listall=true and projectid=-1 it only returns resources belonging to all
> projects, the listall=true parameter is effectively ignored.
>
> We've come up with a PR that fixes the list APIs (mainly for Primate) to
> return all the resources including project when both listall=true and
> projectid=-1 are passed, by a non-normal user (i.e. the admin and
> domain-admin user):
>
> https://github.com/apache/cloudstack/pull/3894/files (the PR also fixed
> incorrect use in old UI)
>
>
> This will fix the multiple-api calling hack and Primate would be able to
> say list all routers in Infra->Routers with a single API call.
>
> In current UI, for example, to see all the routers under Infra -> Routers,
> two API calls are made with and without projectid=-1. The code in fact
> ignores the listall=true when projectid=-1 is used.
>
>
> However, this may break "soft" compatibility when both
> listall=true&projectid=-1 are passed for some list APIs, as:
>
>   *   Old behaviour: will only return resources belonging to a project,
> only to admin and domain admin
>   *   New behaviour: will return all resources including project
> resources, only to admin and domain admin
>   *   Additional notes: normal user (not an admin, or a domain admin etc)
> will not be affected
>
> The listall parameter is documented as "if set to true - list resources
> that the caller is authorized to see", PR intends to fix this behaviour bug.
>
> As far as I can tell the projectid=-1 is only used in the current UI, any
> users, dev want to share their concerns, thoughts?
>
> Regards,
>
> Rohit Yadav
>
> Software Architect, ShapeBlue
>
> https://www.shapeblue.com
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
> @shapeblue
>
>
>
>

Re: [DISCUSS] Honouring listall=true in API calls to include project resources

Posted by Rohit Yadav <ro...@shapeblue.com>.
I've logged this issue now https://github.com/apache/cloudstack/issues/3897

I'll see if we can fix listing of all networks for root admin. The PR is primarily intended for Primate and specifically to a few APIs such as listRouters.


Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

________________________________
From: Paul Angus <pa...@shapeblue.com>
Sent: Wednesday, February 19, 2020 23:44
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>; dev@cloudstack.apache.org <de...@cloudstack.apache.org>
Subject: RE: [DISCUSS] Honouring listall=true in API calls to include project resources

Ideally, yes.  The use case for 'listall' for the Admin including networks in projects, is pretty much the same as for Admins wanting to see VMs and VRs in projects...

It's hard to manage something that you can't see... ☹



paul.angus@shapeblue.com
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue




  
 


-----Original Message-----
From: Rohit Yadav <ro...@shapeblue.com>
Sent: 19 February 2020 09:51
To: Paul Angus <pa...@shapeblue.com>; users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Honouring listall=true in API calls to include project resources

Yes Paul, I've tested for routers and ilbvms - you can test yourself here:

http://primate-qa.cloudstack.cloud:8080/client/master/ (or using cmk)

I just checked, won't work for networks - you want me to fix that?


Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

________________________________
From: Paul Angus <pa...@shapeblue.com>
Sent: Wednesday, February 19, 2020 15:02
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>; dev@cloudstack.apache.org <de...@cloudstack.apache.org>
Subject: RE: [DISCUSS] Honouring listall=true in API calls to include project resources

Does this include networks and VRs?

It's a real pain not being able to see them all..

paul.angus@shapeblue.com
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK @shapeblue








-----Original Message-----
From: Rohit Yadav <ro...@shapeblue.com>
Sent: 19 February 2020 08:42
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: [DISCUSS] Honouring listall=true in API calls to include project resources

All,

Many list APIs, such as the listRouters API, accept a `listall` parameter as well as a `projectid` parameter. Currently, on calling a list API with listall=true and projectid=-1 it only returns resources belonging to all projects, the listall=true parameter is effectively ignored.

We've come up with a PR that fixes the list APIs (mainly for Primate) to return all the resources including project when both listall=true and projectid=-1 are passed, by a non-normal user (i.e. the admin and domain-admin user):

https://github.com/apache/cloudstack/pull/3894/files (the PR also fixed incorrect use in old UI)


This will fix the multiple-api calling hack and Primate would be able to say list all routers in Infra->Routers with a single API call.

In current UI, for example, to see all the routers under Infra -> Routers, two API calls are made with and without projectid=-1. The code in fact ignores the listall=true when projectid=-1 is used.


However, this may break "soft" compatibility when both listall=true&projectid=-1 are passed for some list APIs, as:

  *   Old behaviour: will only return resources belonging to a project, only to admin and domain admin
  *   New behaviour: will return all resources including project resources, only to admin and domain admin
  *   Additional notes: normal user (not an admin, or a domain admin etc) will not be affected

The listall parameter is documented as "if set to true - list resources that the caller is authorized to see", PR intends to fix this behaviour bug.

As far as I can tell the projectid=-1 is only used in the current UI, any users, dev want to share their concerns, thoughts?

Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

RE: [DISCUSS] Honouring listall=true in API calls to include project resources

Posted by Paul Angus <pa...@shapeblue.com>.
Ideally, yes.  The use case for 'listall' for the Admin including networks in projects, is pretty much the same as for Admins wanting to see VMs and VRs in projects... 

It's hard to manage something that you can't see... ☹



paul.angus@shapeblue.com 
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue
  
 


-----Original Message-----
From: Rohit Yadav <ro...@shapeblue.com> 
Sent: 19 February 2020 09:51
To: Paul Angus <pa...@shapeblue.com>; users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: Re: [DISCUSS] Honouring listall=true in API calls to include project resources

Yes Paul, I've tested for routers and ilbvms - you can test yourself here:

http://primate-qa.cloudstack.cloud:8080/client/master/ (or using cmk)

I just checked, won't work for networks - you want me to fix that?


Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

________________________________
From: Paul Angus <pa...@shapeblue.com>
Sent: Wednesday, February 19, 2020 15:02
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>; dev@cloudstack.apache.org <de...@cloudstack.apache.org>
Subject: RE: [DISCUSS] Honouring listall=true in API calls to include project resources

Does this include networks and VRs?

It's a real pain not being able to see them all..

paul.angus@shapeblue.com
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK @shapeblue




  
 


-----Original Message-----
From: Rohit Yadav <ro...@shapeblue.com>
Sent: 19 February 2020 08:42
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: [DISCUSS] Honouring listall=true in API calls to include project resources

All,

Many list APIs, such as the listRouters API, accept a `listall` parameter as well as a `projectid` parameter. Currently, on calling a list API with listall=true and projectid=-1 it only returns resources belonging to all projects, the listall=true parameter is effectively ignored.

We've come up with a PR that fixes the list APIs (mainly for Primate) to return all the resources including project when both listall=true and projectid=-1 are passed, by a non-normal user (i.e. the admin and domain-admin user):

https://github.com/apache/cloudstack/pull/3894/files (the PR also fixed incorrect use in old UI)


This will fix the multiple-api calling hack and Primate would be able to say list all routers in Infra->Routers with a single API call.

In current UI, for example, to see all the routers under Infra -> Routers, two API calls are made with and without projectid=-1. The code in fact ignores the listall=true when projectid=-1 is used.


However, this may break "soft" compatibility when both listall=true&projectid=-1 are passed for some list APIs, as:

  *   Old behaviour: will only return resources belonging to a project, only to admin and domain admin
  *   New behaviour: will return all resources including project resources, only to admin and domain admin
  *   Additional notes: normal user (not an admin, or a domain admin etc) will not be affected

The listall parameter is documented as "if set to true - list resources that the caller is authorized to see", PR intends to fix this behaviour bug.

As far as I can tell the projectid=-1 is only used in the current UI, any users, dev want to share their concerns, thoughts?

Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

Re: [DISCUSS] Honouring listall=true in API calls to include project resources

Posted by Rohit Yadav <ro...@shapeblue.com>.
Yes Paul, I've tested for routers and ilbvms - you can test yourself here:

http://primate-qa.cloudstack.cloud:8080/client/master/ (or using cmk)

I just checked, won't work for networks - you want me to fix that?


Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

________________________________
From: Paul Angus <pa...@shapeblue.com>
Sent: Wednesday, February 19, 2020 15:02
To: users@cloudstack.apache.org <us...@cloudstack.apache.org>; dev@cloudstack.apache.org <de...@cloudstack.apache.org>
Subject: RE: [DISCUSS] Honouring listall=true in API calls to include project resources

Does this include networks and VRs?

It's a real pain not being able to see them all..

paul.angus@shapeblue.com
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue




  
 


-----Original Message-----
From: Rohit Yadav <ro...@shapeblue.com>
Sent: 19 February 2020 08:42
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: [DISCUSS] Honouring listall=true in API calls to include project resources

All,

Many list APIs, such as the listRouters API, accept a `listall` parameter as well as a `projectid` parameter. Currently, on calling a list API with listall=true and projectid=-1 it only returns resources belonging to all projects, the listall=true parameter is effectively ignored.

We've come up with a PR that fixes the list APIs (mainly for Primate) to return all the resources including project when both listall=true and projectid=-1 are passed, by a non-normal user (i.e. the admin and domain-admin user):

https://github.com/apache/cloudstack/pull/3894/files (the PR also fixed incorrect use in old UI)


This will fix the multiple-api calling hack and Primate would be able to say list all routers in Infra->Routers with a single API call.

In current UI, for example, to see all the routers under Infra -> Routers, two API calls are made with and without projectid=-1. The code in fact ignores the listall=true when projectid=-1 is used.


However, this may break "soft" compatibility when both listall=true&projectid=-1 are passed for some list APIs, as:

  *   Old behaviour: will only return resources belonging to a project, only to admin and domain admin
  *   New behaviour: will return all resources including project resources, only to admin and domain admin
  *   Additional notes: normal user (not an admin, or a domain admin etc) will not be affected

The listall parameter is documented as "if set to true - list resources that the caller is authorized to see", PR intends to fix this behaviour bug.

As far as I can tell the projectid=-1 is only used in the current UI, any users, dev want to share their concerns, thoughts?

Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com

RE: [DISCUSS] Honouring listall=true in API calls to include project resources

Posted by Paul Angus <pa...@shapeblue.com>.
Does this include networks and VRs?

It's a real pain not being able to see them all..

paul.angus@shapeblue.com 
www.shapeblue.com
3 London Bridge Street,  3rd floor, News Building, London  SE1 9SGUK
@shapeblue
  
 


-----Original Message-----
From: Rohit Yadav <ro...@shapeblue.com> 
Sent: 19 February 2020 08:42
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: [DISCUSS] Honouring listall=true in API calls to include project resources

All,

Many list APIs, such as the listRouters API, accept a `listall` parameter as well as a `projectid` parameter. Currently, on calling a list API with listall=true and projectid=-1 it only returns resources belonging to all projects, the listall=true parameter is effectively ignored.

We've come up with a PR that fixes the list APIs (mainly for Primate) to return all the resources including project when both listall=true and projectid=-1 are passed, by a non-normal user (i.e. the admin and domain-admin user):

https://github.com/apache/cloudstack/pull/3894/files (the PR also fixed incorrect use in old UI)


This will fix the multiple-api calling hack and Primate would be able to say list all routers in Infra->Routers with a single API call.

In current UI, for example, to see all the routers under Infra -> Routers, two API calls are made with and without projectid=-1. The code in fact ignores the listall=true when projectid=-1 is used.


However, this may break "soft" compatibility when both listall=true&projectid=-1 are passed for some list APIs, as:

  *   Old behaviour: will only return resources belonging to a project, only to admin and domain admin
  *   New behaviour: will return all resources including project resources, only to admin and domain admin
  *   Additional notes: normal user (not an admin, or a domain admin etc) will not be affected

The listall parameter is documented as "if set to true - list resources that the caller is authorized to see", PR intends to fix this behaviour bug.

As far as I can tell the projectid=-1 is only used in the current UI, any users, dev want to share their concerns, thoughts?

Regards,

Rohit Yadav

Software Architect, ShapeBlue

https://www.shapeblue.com
