looks alright at first glance. did you considder IAM/is it going to give conflicts there? I don't suppose so as this work is more of a front end thing and IAM should be more based in the background but keep it in mind anyway;) No reason why you shouldn't merge, except feature freeze..
On Tue, Aug 12, 2014 at 11:10 AM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > This was done: > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refactoring > > This is the branch: > https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs/heads/auth-refactor > > Updates: > - Every auth mechanism now implements as a APICommand but these are special > APIs are not allowed to execute, i.e. the execute() method returns with an > error > - Existing tests were fixed > - We no longer need to hardcode login/logout for doc generation etc. > - Api discovery now has login/logout docs etc as well > - Since these APIs are tightly coupled with cloud-server artifact, except for > responses all the interface definitions etc are within cloud-server > - This allows for implementation of other login mechanisms such as saml, > oauth, something-custom™ etc. though implementing it as a plugin is still > tricky now > > I’ve tested UI and cloudmonkey on port 8080 and 8096, with apikey/secret keys > but would welcome help around this area from anyone. I’ll merge the branch > later this week if no one objects. > > Cheers. > > On 12-Aug-2014, at 5:50 am, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > >> Hi, >> >> The way we handle login and logout is hardcoded and since there is no >> APICommand/BaseCmd implementation the apidoc, apidiscovery and other don’t >> discover these apis. For supporting SAML as an authentication mechanism, >> I’ve refactored the Auth mechanism as a pluggable service that loads with >> api-server artifact and both login and logout are now implemented as a >> pseduo BaseCmd classes. >> >> I call them pseudo because their execute() is never called, the >> authentication guards in ApiServlet class make sure we call an authenticate >> method of such classes. Since, they are tightly coupled with cloud-server’s >> ApiServlet it only made sense to have the interface definition and >> implementation within the same package/artifact as well. This also solves >> the apidoc issue for login/logout and saml related auth apis. >> >> I’ll merge them after sometime and continue working on saml stuff. Will push >> the code in the branch “auth-refactor” in an hour for review/testing now. >> This does not break anything and should not cause any auth related issues >> for all existing clients. >> >> Any suggestions, feedback welcome! Refactoring was pretty straight forward >> but I’ll make sure to write a wiki page on this before merging to master. >> >> Regards, >> Rohit Yadav >> Software Architect, ShapeBlue >> M. +41 779015219 | rohit.ya...@shapeblue.com >> Blog: bhaisaab.org | Twitter: @_bhaisaab >> >> >> >> Find out more about ShapeBlue and our range of CloudStack related services >> >> IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> >> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >> CloudStack Infrastructure >> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >> CloudStack Bootcamp Training >> Courses<http://shapeblue.com/cloudstack-training/> >> >> This email and any attachments to it may be confidential and are intended >> solely for the use of the individual to whom it is addressed. Any views or >> opinions expressed are solely those of the author and do not necessarily >> represent those of Shape Blue Ltd or related companies. If you are not the >> intended recipient of this email, you must neither take any action based >> upon its contents, nor copy or show it to anyone. Please contact the sender >> if you believe you have received this email in error. Shape Blue Ltd is a >> company incorporated in England & Wales. ShapeBlue Services India LLP is a >> company incorporated in India and is operated under license from Shape Blue >> Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil >> and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a >> company registered by The Republic of South Africa and is traded under >> license from Shape Blue Ltd. ShapeBlue is a registered trademark. > > Regards, > Rohit Yadav > Software Architect, ShapeBlue > M. +41 779015219 | rohit.ya...@shapeblue.com > Blog: bhaisaab.org | Twitter: @_bhaisaab > > > > Find out more about ShapeBlue and our range of CloudStack related services > > IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> > CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> > CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> > CloudStack Infrastructure > Support<http://shapeblue.com/cloudstack-infrastructure-support/> > CloudStack Bootcamp Training > Courses<http://shapeblue.com/cloudstack-training/> > > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of Shape Blue Ltd or related companies. If you are not the > intended recipient of this email, you must neither take any action based upon > its contents, nor copy or show it to anyone. Please contact the sender if you > believe you have received this email in error. Shape Blue Ltd is a company > incorporated in England & Wales. ShapeBlue Services India LLP is a company > incorporated in India and is operated under license from Shape Blue Ltd. > Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is > operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company > registered by The Republic of South Africa and is traded under license from > Shape Blue Ltd. ShapeBlue is a registered trademark. -- Daan
