[Engine-devel] Design review summary for 3.2 - adding support for External Events

Tue Nov 20 14:07:58 UTC 2012

-Chris

> -----Original Message-----
> From: Eli Mesika [mailto:emesika at redhat.com]
> Sent: Monday, November 19, 2012 11:16 PM
> To: Morrissey, Christopher
> Cc: engine-devel
> Subject: Re: [Engine-devel] Design review summary for 3.2 - adding support
> for External Events
> 
> 
> 
> ----- Original Message -----
> > From: "Eli Mesika" <emesika at redhat.com>
> > To: "Christopher Morrissey" <Christopher.Morrissey at netapp.com>
> > Cc: "engine-devel" <engine-devel at ovirt.org>
> > Sent: Monday, November 19, 2012 11:09:32 PM
> > Subject: Re: [Engine-devel] Design review summary for 3.2 - adding
> support for	External Events
> >
> >
> >
> > ----- Original Message -----
> > > From: "Christopher Morrissey" <Christopher.Morrissey at netapp.com>
> > > To: "Eli Mesika" <emesika at redhat.com>, "engine-devel"
> > > <engine-devel at ovirt.org>
> > > Sent: Monday, November 19, 2012 4:50:34 PM
> > > Subject: RE: [Engine-devel] Design review summary for 3.2 - adding
> > > support for	External Events
> > >
> > > Hi Eli,
> > >
> > > I've perused the design and it looks very good for the purpose of
> > > adding events to the log as back end tasks on the NetApp VSC are
> > > started and complete.
> > >
> > > I do have one question. As part of the new UI plugin framework that
> > > Vojtech is working on he added the capability to retrieve a session
> > > ID that will be used outside of the oVirt engine to invoke REST API
> > > calls. I'm assuming this session would have the same role as the
> > > user that is currently logged in.
> > >
> > > According to the event log design, only the Super user will have
> > > permissions to add events by default. This would mean that if anyone
> > > other than the super user is logged in and performing any tasks
> > > through the NetApp plugin, the server side of the VSC will likely
> > > not be able to log events. This could be confusing for users as
> > > sometimes they see events showing up giving them information on the
> > > task progress and sometimes they don't depending on the role logged
> > > in.
> > >
> > > Would it make sense to allow all roles to log events by default?
> > > I'm
> > > not sure what security problems would arise given that it is just a
> > > log and they would be tagged as external events.
> >
> > Hi Christopher, our security model implies a black-list,
> 
> oops, I meant white-list of course ....
> 

That's what I figured. :)

> so, I don;t
> > think this is possible
> > But still, a super-user can of course give the permission to add new
> > events to all Roles in the system and you will have the same result.
> > Does that make sense ?
> >

That does make sense. We'll likely just try to use the API to log events when starting a task and if we receive an error we can bubble that up to the user letting them know that they need to either get the right permission or accept that they won't get messages in the oVirt log while the task completes.

> > >
> > > -Chris
> > >
> > >
> > > -----Original Message-----
> > > From: engine-devel-bounces at ovirt.org
> > > [mailto:engine-devel-bounces at ovirt.org] On Behalf Of Eli Mesika
> > > Sent: Monday, November 19, 2012 7:24 AM
> > > To: engine-devel
> > > Subject: [Engine-devel] Design review summary for 3.2 - adding
> > > support for External Events
> > >
> > > Discussion : http://wiki.ovirt.org/wiki/Talk:ExternalEvents
> > > Updated Design :
> > > http://wiki.ovirt.org/wiki/Features/Design/DetailedExternalEvents#Fu
> > > ture_directions
> _______________________________________________
> > > Engine-devel mailing list
> > > Engine-devel at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > >
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> >