You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@jclouds.apache.org by "Andrew Gaul (JIRA)" <ji...@apache.org> on 2015/01/23 23:08:34 UTC
[jira] [Updated] (JCLOUDS-723) CloudStack createNodesInGroup fails
for service providers with locked down APIs
[ https://issues.apache.org/jira/browse/JCLOUDS-723?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrew Gaul updated JCLOUDS-723:
--------------------------------
Component/s: jclouds-compute
> CloudStack createNodesInGroup fails for service providers with locked down APIs
> -------------------------------------------------------------------------------
>
> Key: JCLOUDS-723
> URL: https://issues.apache.org/jira/browse/JCLOUDS-723
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-compute
> Affects Versions: 1.8.0
> Reporter: Aled Sage
>
> Creating VM(s) on CloudStack fails with some service providers, because they lock down access to parts of their API.
> For example, API calls made by the listImages method are sometimes forbidden.
> CloudStackComputeServiceAdapter.listImages:
> https://github.com/apache/jclouds/blob/f17c876d8dc161988f586c3cf343361d896f6928/apis/cloudstack/src/main/java/org/jclouds/cloudstack/compute/strategy/CloudStackComputeServiceAdapter.java#L284-294
> The method tries to list all templates. First, it lists all templates that are executable. Then, it lists all templates associated with each project in the account. Translated to Cloudmonkey-suitable commands, the call flow is:
> * list templates listAll=true templatefilter=executable
> * list accounts listAll=true
> for each account response: extract name and domainid from response and call:
> * list projects listAll=true account=.. domainid=..
> jclouds fails because it gets a response 405 Method Not Allowed to the listAccounts call (and would do the same for the listProjects call if it got that far).
> /api/CloudPlatformProxy?apiKey=removed&command=listAccounts&expires=2014-07-21T11%3A08%3A32%2B0000&response=json&signatureversion=3&signature=removed"
> HTTP/1.1 405 Method Not Allowed
> Cache-Control: no-cache
> Pragma: no-cache
> Expires: -1
> Server: Microsoft-IIS/7.5
> X-AspNet-Version: 4.0.30319
> X-Powered-By: ASP.NET
> Date: Mon, 21 Jul 2014 11:00:19 GMT
> Content-Length: 0
> /api/CloudPlatformProxy?apiKey=removed&command=listProjects&expires=2014-07-21T11%3A04%3A59%2B0000&response=json&signatureversion=3&signature=removed"
> HTTP/1.1 405 Method Not Allowed
> Cache-Control: no-cache
> Pragma: no-cache
> Expires: -1
> Server: Microsoft-IIS/7.5
> X-AspNet-Version: 4.0.30319
> X-Powered-By: ASP.NET
> Date: Mon, 21 Jul 2014 10:57:13 GMT
> Content-Length: 0
> The cloud provider's response was:
> Accounts and projects are blocked simply because this is a multi tenant service where account isolation is important. So we don’t allow users to list all accounts on the platform as each one is tied to a customer.
> Projects and domain aren’t exposed because we haven’t assessed the risks to billing if these are enabled.
> The credentials that we give you will tie you to an account and then (other than domains and projects) you can do what you want.
> I like the idea of enabling certain list API calls but only when listall is set to false. Of course if its just stopping a test program then the incentive in fixing it would be minimal.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)