Feature #821

VDC admin : no Users dashboard in sunstone

Added by Patrice Lachance about 8 years ago. Updated almost 6 years ago.

Status:ClosedStart date:09/22/2011
Priority:HighDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Resolution: Pull request:

Description

Hello,

Not sure if it is a bug related to sunstone or auth module but just in case...
According to the documentation, the VDC admin defined at VDC creation should be allowed to create users in the VDC. But user dashboard not displayed in sunstone when login in as the VDC user admin defined in the VDC template.

$ onezone list
ID NAME ENDPOINT
1 zone1 http://127.0.0.1:2633/RPC2

$ onevdc list
ID NAME ZONEID
1 vdc1 1

$ onegroup list
ID NAME
0 oneadmin
1 users
100 grp1
101 vdc1

$ oneuser list
ID GROUP NAME PASSWORD
0 oneadmin oneadmin hash
1 grp1 usertst1 hash
2 vdc1 vdc1adm hash

$ oneacl list
ID USER RES_VHNIUTG RID OPE_CDUMIPpTWY
0 @1 V-NI-T- * C-----p---
1 @1 H---- * --U-------
2 @100 V-NI-T- * C-----p---
3 @100 H---- * --U-------
7 @101 V-NI-T- * C-----p---
8 #2 ----U-- * C---------
9 #2 ----U-- @101 D-MI----
10 @101 H---- #1 --U-------
11 @101 H---- #2 --U-------

Screenshot_-_20110922_005.png - Sunstone screenshot (27.9 KB) Patrice Lachance, 09/22/2011 07:37 AM

History

#1 Updated by Ruben S. Montero about 8 years ago

  • Assignee deleted (Hector Sanjuan)
  • Target version changed from Release 3.0 to Release 3.4

This is not done automatically by sunstone. The interaction of the VDC/Ozones service with the actual zone has been set to a minimum. Granting access to the users tab in sunstone to a given user (a vdcadmin) needs to modify the etc/sunstone-plugins.yaml file. Currently, this can not be done through the API and the VDC server may not have access to that file.

This issue needs a API call to modify the file.

This will be address at some point after 3.0 Release. Now the workaround:

1.- Manual modification of sunstone configuration file
2.- Use the CLI for this

Thanks for the feedback

#2 Updated by Patrice Lachance about 8 years ago

Is it the same with public templates? They are not accessible to VDC users?

#3 Updated by Patrice Lachance about 8 years ago

Humm strange, I made some other tests:
- public templates created by oneadmin (admin of the zone) are not visible in VDC
- private templates created by vdcadmin are visible to all users of the vdc group (@101)

$ oneacl list
ID USER RES_VHNIUTG RID OPE_CDUMIPpTWY
0 @1 V-NI-T- * C-----p---
1 @1 H---- * --U-------
2 @100 V-NI-T- * C-----p---
3 @100 H---- * --U-------
7 @101 V-NI-T- * C-----p---
8 #2 ----U-- * C---------
9 #2 ----U-- @101 D-MI----
10 @101 H---- #1 --U-------
11 @101 H---- #2 --U-------
13 @101 -----T- * --U-------

#4 Updated by Ruben S. Montero about 8 years ago

Patrice LACHANCE wrote:

Humm strange, I made some other tests:
- public templates created by oneadmin (admin of the zone) are not visible in VDC
- private templates created by vdcadmin are visible to all users of the vdc group (@101)

$ oneacl list
ID USER RES_VHNIUTG RID OPE_CDUMIPpTWY
0 @1 V-NI-T- * C-----p---
1 @1 H---- * --U-------
2 @100 V-NI-T- * C-----p---
3 @100 H---- * --U-------
7 @101 V-NI-T- * C-----p---
8 #2 ----U-- * C---------
9 #2 ----U-- @101 D-MI----
10 @101 H---- #1 --U-------
11 @101 H---- #2 --U-------
13 @101 -----T- * --U-------

Yes that's the idea. Templates by oneadmin belongs to the oneadmin group so users in the VDC can not see them. Templates by the VDC admin belongs to the vdc gorup so users in the VDC can see them.

#5 Updated by Ruben S. Montero about 8 years ago

Ruben S. Montero wrote:

Patrice LACHANCE wrote:

Humm strange, I made some other tests:
- public templates created by oneadmin (admin of the zone) are not visible in VDC
- private templates created by vdcadmin are visible to all users of the vdc group (@101)

$ oneacl list
ID USER RES_VHNIUTG RID OPE_CDUMIPpTWY
0 @1 V-NI-T- * C-----p---
1 @1 H---- * --U-------
2 @100 V-NI-T- * C-----p---
3 @100 H---- * --U-------
7 @101 V-NI-T- * C-----p---
8 #2 ----U-- * C---------
9 #2 ----U-- @101 D-MI----
10 @101 H---- #1 --U-------
11 @101 H---- #2 --U-------
13 @101 -----T- * --U-------

Yes that's the idea. Templates by oneadmin belongs to the oneadmin group so users in the VDC can not see them. Templates by the VDC admin belongs to the vdc gorup so users in the VDC can see them.

Forgot to mention that as for 3.0 PUBLIC means public for the group. This is a way to share resources within your group. Cloud-wise sharing is not supported easily now. We are considering in using SHARED (for your group) and PUBLIC (for the world)

#6 Updated by Patrice Lachance about 8 years ago

According to http://opennebula.org/doc/3.0/cli/onetemplate.1.html, unpublished template can't be instantiated by any other user. That is indeed the case.

But clicking on it brings the following error
"[TemplateInfo] User [4] : Not authorized to perform INFO TEMPLATE [1]" and the progress bar

It would be better if the unpublished template were hidden to avoid those unnecessary and confusing errors messages.

#7 Updated by Tino Vázquez about 8 years ago

  • Tracker changed from Bug to Feature

#8 Updated by Ruben S. Montero almost 8 years ago

  • Target version deleted (Release 3.4)

#9 Updated by Carlos Martín over 6 years ago

  • Category changed from Sunstone to 18

Now that we have sunstone views in 4.0, maybe the ozones server should somehow enable a customized view for the vdcadmin.

#10 Updated by Ruben S. Montero over 6 years ago

  • Target version set to Release 4.2

#11 Updated by Ruben S. Montero over 6 years ago

  • Target version changed from Release 4.2 to Release 4.4

#12 Updated by Ruben S. Montero almost 6 years ago

  • Target version deleted (Release 4.4)

#13 Updated by Ruben S. Montero almost 6 years ago

This should be working. Anyway, ozones will undergo a major redesign and this will be addressed

#14 Updated by Ruben S. Montero almost 6 years ago

  • Status changed from New to Closed

Also available in: Atom PDF