[Engine-devel] Design review summary for 3.2 - adding support for External Events

Eli Mesika emesika at redhat.com
Tue Nov 20 04:16:05 UTC 2012



----- Original Message -----
> From: "Eli Mesika" <emesika at redhat.com>
> To: "Christopher Morrissey" <Christopher.Morrissey at netapp.com>
> Cc: "engine-devel" <engine-devel at ovirt.org>
> Sent: Monday, November 19, 2012 11:09:32 PM
> Subject: Re: [Engine-devel] Design review summary for 3.2 - adding support for	External Events
> 
> 
> 
> ----- Original Message -----
> > From: "Christopher Morrissey" <Christopher.Morrissey at netapp.com>
> > To: "Eli Mesika" <emesika at redhat.com>, "engine-devel"
> > <engine-devel at ovirt.org>
> > Sent: Monday, November 19, 2012 4:50:34 PM
> > Subject: RE: [Engine-devel] Design review summary for 3.2 - adding
> > support for	External Events
> > 
> > Hi Eli,
> > 
> > I've perused the design and it looks very good for the purpose of
> > adding events to the log as back end tasks on the NetApp VSC are
> > started and complete.
> > 
> > I do have one question. As part of the new UI plugin framework that
> > Vojtech is working on he added the capability to retrieve a session
> > ID that will be used outside of the oVirt engine to invoke REST API
> > calls. I'm assuming this session would have the same role as the
> > user that is currently logged in.
> > 
> > According to the event log design, only the Super user will have
> > permissions to add events by default. This would mean that if
> > anyone
> > other than the super user is logged in and performing any tasks
> > through the NetApp plugin, the server side of the VSC will likely
> > not be able to log events. This could be confusing for users as
> > sometimes they see events showing up giving them information on the
> > task progress and sometimes they don't depending on the role logged
> > in.
> > 
> > Would it make sense to allow all roles to log events by default?
> > I'm
> > not sure what security problems would arise given that it is just a
> > log and they would be tagged as external events.
> 
> Hi Christopher, our security model implies a black-list, 

oops, I meant white-list of course ....

so, I don;t
> think this is possible
> But still, a super-user can of course give the permission to add new
> events to all Roles in the system and you will have the same result.
> Does that make sense ?
> 
> > 
> > -Chris
> > 
> > 
> > -----Original Message-----
> > From: engine-devel-bounces at ovirt.org
> > [mailto:engine-devel-bounces at ovirt.org] On Behalf Of Eli Mesika
> > Sent: Monday, November 19, 2012 7:24 AM
> > To: engine-devel
> > Subject: [Engine-devel] Design review summary for 3.2 - adding
> > support for External Events
> > 
> > Discussion : http://wiki.ovirt.org/wiki/Talk:ExternalEvents
> > Updated Design :
> > http://wiki.ovirt.org/wiki/Features/Design/DetailedExternalEvents#Future_directions
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > 
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
> 



More information about the Engine-devel mailing list