Feature #407
manage user groups
| Status: | Closed | Start date: | 11/11/2010 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: |  Carlos Martín | % Done: | 0% | |
| Category: | Core & System | |||
| Target version: | Release 3.0 | |||
| Resolution: | fixed | Pull request: |
Description
one should manage user groups so that a team can manage the vms all together.
Cloud is a feature used by (research) teams for their work, especially with private cloud. Users should be able to group themselves to manage their vms. We have to think on VMs in a team context.
A "onegroup" as "oneuser" could be created. Admin would create groups on user request, and add a user to the group. Then user could add other users to the group (should their be an admin group or should all users of the group be admin of the group ? I would rather choose the second option).
Then all users of the group could manage the VMs of the group (could be an optional parameter of the vm deployment file, the group notion should be optional at deployment, one user may want to keep some private VMs, or manage VMs for multiple groups).
Then for viewing or managing VMs, opennebula would check if vm is part of a group iand if user is part of this group.
Associated revisions
Feature #407: Code refactor, ObjectXML moved to main source tree
Feature #407: Host object uses new DB schema, storing the contents as XML
feature #407: Minor changes in Host class refactor
feature #407: Added xpath method to ObjectXML and tests
feature #407: Added static xpath access method and test
Feature #407: HostPool::discover updated to new DB schema, tests fixed
Feature #407: Use new xpath methods in Host unmarshall
Feature #407: Image uses new DB blob schema
feature #407: Added tests for from_xml methods
feature #407: Performance Test for the HostPool
Feature #407: Host code cleanup and better error checks
Feature #407: Image Allocation bug fixed, and test cleanup
Feature #407: Virtual Machine uses new xml blob DB schema
Feature #407: VM's last_seq deleted, it is not needed any more
Feature #407: VNet uses new XML DB schema
Feature #407: User object modified for new XML DB schema
Feature #407: Fix for UserPool initialization bug
feature #407: Refactor of base classes to include names and uid. Also the pool now has an index to get objects by name
feature #407: All resources now uses the base classes and index
feature #407: Several bug fixes. Better index for names.
feature #407: Removed uid from VirtualMachine class
feature #407: Minor changes in ImagePool
Feature #407: Let images have duplicated names if they are owned by different users
feature #407: Minor changes for the VirtualMachine Pool
Feature #407: Let vnets have duplicated names if they are owned by different users
Feature #407: Fix small mem. leak in Image
feature #407: Minor changes in VirtualNetwork Pool
Feature #407: Refactor of pool dumps to be performed in PoolSQL class
Feature #407: Refator of PoolObjectSQL class
feature #407: User pool uses de indexing methods of PoolSQL
feature #407: moved dump to .h
feature #407: fix minor leak in tests
Feature #407: ClusterPool is now a full PoolSQL class
Feature #407: Fix deadlock when adding a Host to a non existing Cluster
Feature #407: Tests for clusters and some minor host-cluster dependencies moved
Feature #407: Eliminate the extended flag for xml-rpc call one.vmpool.info
feature #407: Minor modification on Cluster and Host classes
feature #407: Solves deadlock in cluster-host pool interaction
Feature #407: Better duplicated name detection for Hosts
Feature #407: PoolSQL, remove unused variable and tests for name_pool index
Feature #407: Add cluster tests to do_tests.sh script
feature #407: Minor change in host allocate
Feature #407: Base implementation for groups.
So far groups can be managed, but resources can't be associated to a group.
Tasks done:
- New basic onegroup command
- RequestManager XML-RPC methods
- New group pool
- New GROUP authorization symbol
- Basic GroupPool tests
- Ruby OCA methods
Feature #407: Remove usernames from owned resources, only user-id is stored now.
Feature #407: Add 'GID' attribute to some pool objects; change *pool.info XML-RPC flag meaning; update onedb migrator; fix tests.
- VM, VMTEMPLATE, VNET & IMAGE objects have a GID attribute, and a table column. The group id is inherited from the user creating the object, except for VMs created from Templates, that inherit the Template's group.
- The new flag meaning has been modified in src/rm sources and CLI commands for one.(vm,template,vnet,image)pool.info . It changes from
-2 all, -1 mine & public, >=0 UID
to
-3 mine, -2 all, -1 mine & group - USER has a group, but not secondary ones. The user_pool table doesn't have a GID column, we'll deal with it later when the group-users relations are implemented.
- onedb migrator 1.rb: deleted USERNAME, and GID added.
Feature #407: Use Cluster-ids instead of cluster names for Hosts. Update onedb 1.rb, tests and CLI for this change
Feature #407: New XML-RPC, Ruby OCA & CLI method 'chown' for VM,TEMPLATE,NET,USER & IMAGE. Work in progress, only basic functionality without authorization or consistency checks.
feature #407: LastOID is private for the pools. Minor changes in Group classes
feature #407: order of uid, gid the same for constructors. Solved som issues with fix_times
feature #407: reuse cluster_id in function
Feature #407: * Chown method: destination user and group are checked, auth. manager request used. * New one.group.chown method. * New ObjectCollection class to store sets of IDs. * New RM user.addgroup user.delgroup methods, users and groups store a cross-reference ID set. * Clusters store a set of Host IDs. The RM part of the add/remove host functionality works, but should be re-done to avoid deadlocks. * Fix onedb schmea for template_pool table bug.
Feature #407: Fix tests
Feature #407: Update onedb for new group-user and cluster-host relations
feature #407: Moved implementation of ObjectCollection to cc file
feature #407: Prevent some deadlocks when adding/removing users from groups
feature #407: Fixes Host related tests
feature #407: new CHOWN operation in AuthManager
feature #407: Added mixing unlock when dropping image
feature #407: Users gets the gid of user performing the allocate if not oneadmin. Group are added to users groups in constructor. Groups are updated in user allocate
feature #407: Changed implementation for user.chown. Removed host.chown. set_gid/uid in PoolObjectSQL does not check gid. Old groups updated when changing users primary groups
feature #407: Removed cluster help. Removed cluster file references from installer
feature #407: Removed man page from scons file
feature #407: Groups are created before users to add oneadmin to oneadmin group
feature #407: Fixed bug in user allocate
feature #407: Fixes Image tests. persistent method returns 0 (not true) for successful operations
feature #407: Fixes tests for Users. Groups are added in allocate
feature #407: Recover checks when changing groups
Feature #407: Started adding Sunstone support to chown, chgrp, groups
Feature #407: Added Sunstone support to template update in Templates and Images.
Fixed other issues, indents, tabs...
Feature #407: Code clean up
Tabs removed, whitespaces removed, corrected indentation etc...
Feature #407: Let users see their own group information, using 'onegroup show'
F #5217 Added ds requirements instantiate VM (#407)
- Added ds requirements instantiate VM
- Solved bug in VMGroup datatable cloud view
- F #5217 Added DS Requirements cloud view instantiate VM
- F #5217 Added SYSTEM filter in DS datatable
- F #5217 Made configurable ds and host datatables instantiate VM
(cherry picked from commit 5f35e0d0abc166ad0d824f1045bc160767349fe3)
History
#1
Updated by Carlos Martín over 10 years ago
This branch will be used to change the DB schema to a more NoSQL approach.
That will provide more flexibility to add this kind of new features: groups, rights, quotas, or any other new attribute will be stored along with the rest of the objects as blobs (XML columns).
#2
Updated by Łukasz Oleś over 10 years ago
Would it be possible to add custom attributes(via cli or rpc)? It can be useful for plugins.
#3
Updated by Ruben S. Montero about 10 years ago
- Category set to Core & System
- Assignee set to Carlos Martín
- Target version set to Release 3.0
#4
Updated by Ruben S. Montero about 10 years ago
- Tracker changed from Request to Feature
#5
Updated by Carlos Martín about 10 years ago
- Status changed from New to Closed
- Resolution set to fixed
I'm closing this issue since the functionality has been merged to master and tested.
I've also opened another issue with Åukasz's request to add custom attributes to groups.