DepSync with Grouping

[Udara Liyanage <ud...@wso2.com>]

Hi,

Earlier encrypted password text of the user provided repo password is sent
with the ArtifactUpdate event. The cartridge agent decrypt the text with
the key sent with payload.
However with grouping since there are no subscriptions, encrypted text can
not be sent in the event  by SM.  Possible solutions are,

1) Send the encrypted text in payload
Now the encrypted text and key both in the same place which is not safe.

2) Publish encrypted text to metadata service
AS published the encrypted text to the metadata service at the time of
application parsing. Cartridge instance get the text from metadata service.
This has the overhead of publishing to metadata service and retrieving from
it.

WDYT?


-- 

Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897

Re: DepSync with Grouping

[Sajith Kariyawasam <sa...@wso2.com>]

On Mon, Nov 3, 2014 at 8:14 PM, Udara Liyanage <ud...@wso2.com> wrote:

> Hi,
>
> Earlier encrypted password text of the user provided repo password is sent
> with the ArtifactUpdate event. The cartridge agent decrypt the text with
> the key sent with payload.
> However with grouping since there are no subscriptions, encrypted text can
> not be sent in the event  by SM.  Possible solutions are,
>
> 1) Send the encrypted text in payload
> Now the encrypted text and key both in the same place which is not safe.
>
> 2) Publish encrypted text to metadata service
> AS published the encrypted text to the metadata service at the time of
> application parsing. Cartridge instance get the text from metadata service.
> This has the overhead of publishing to metadata service and retrieving
> from it.
>

Can this be supported for multi tenant cartridge scenarios as well? Option
1 seems not supported. Is option 2 supported?

>
> WDYT?
>
>
> --
>
> Udara Liyanage
> Software Engineer
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware
>
> web: http://udaraliyanage.wordpress.com
> phone: +94 71 443 6897
>



-- 
*Sajith Kariyawasam*


*Committer and PMC member, Apache Stratos,WSO2 Inc., http://wso2.com
<http://wso2.com>AMIE (SL)Mobile: +94772269575*

Re: DepSync with Grouping

[Udara Liyanage <ud...@wso2.com>]

Hi Imesh,

The issue is earlier password text is with SM and SM sends the event. So SM
can attach the text with the event and publish. The text is generated when
a subscription is created. But in grouping there is no subscription, hence
SM does not have the text. The text is with the AS



Touched, not typed. Erroneous words are a feature, not a typo.
On Nov 4, 2014 5:41 AM, "Imesh Gunaratne" <im...@apache.org> wrote:

> On Mon, Nov 3, 2014 at 8:14 PM, Udara Liyanage <ud...@wso2.com> wrote:
>
>> Hi,
>>
>> Earlier encrypted password text of the user provided repo password is
>> sent with the ArtifactUpdate event. The cartridge agent decrypt the text
>> with the key sent with payload.
>> However with grouping since there are no subscriptions, encrypted text
>> can not be sent in the event  by SM.
>>
>
> I cannot see a problem here. We still have the ArtifactUpdatedEvent and it
> is sent when artifacts are updated in the remote git repository.
>
>
> --
> Imesh Gunaratne
>
> Technical Lead, WSO2
> Committer & PMC Member, Apache Stratos
>

Re: DepSync with Grouping

[Imesh Gunaratne <im...@apache.org>]

On Mon, Nov 3, 2014 at 8:14 PM, Udara Liyanage <ud...@wso2.com> wrote:

> Hi,
>
> Earlier encrypted password text of the user provided repo password is sent
> with the ArtifactUpdate event. The cartridge agent decrypt the text with
> the key sent with payload.
> However with grouping since there are no subscriptions, encrypted text can
> not be sent in the event  by SM.
>

I cannot see a problem here. We still have the ArtifactUpdatedEvent and it
is sent when artifacts are updated in the remote git repository.


-- 
Imesh Gunaratne

Technical Lead, WSO2
Committer & PMC Member, Apache Stratos