Hi Min, For for master, we don’t have any code freeze currently, I think merge request/reviews are not mandatory and I was confident with the changes so I pushed it on master.
After Daan’s email I did testing at my end (I’ve bunch of zotac zboxes to do the local testing, it was already failing for some vm lifecycle stuff so I hope it not my stuff breaking anything), then fixed cloudmonkey for certain pre-existing issues (nothing related to the refactoring) and pushed it to master. This was just refactoring, nothing should break and no change is expected for clients except two: - apidocs no longer required hardcoded entries, serialization is done by the same Api response serializer - on non-authenticated port (8096/integration) calls to login/logout etc. will fail with 405 (method not available), i.e. the Authentication cmds are not allowed to run execute() (since they extend BaseCmd, this hack just for the doc stuff and to follow the existing API convention) The refactoring was not a lot of work or change and I was able to pull this off yesterday within few hours so I think there may look like whole bunch of commits and files, but nothing new was introduced. Once you go through the com.cloud.api.auth package and the wiki you’ll see it just tries to introduce extensions for new/existing login/logout mechanisms. Advise on the merge request workflow, do we follow anything? Cheers. On 12-Aug-2014, at 10:52 pm, Min Chen <min.c...@citrix.com> wrote: > Hi Rohit, > My understanding is that you will do this on your feature branch > "auth-refactor", then merge them after passing at least some CI automation > tests. Today, I saw all these commits already in master: > > 10 hours ago Rohit YadavDefaultLoginAPIAuthenticatorCmd: return userId > as UUID commit | commitdiff | tree | snapshot > 10 hours ago Rohit Yadavutils: fix pom.xml to have references for > javax.servlet... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiServer: take UTF_8 and other static vars from > HttpUtils commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiServlet: use HttpUtils instead of class > specific... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiResponseSerializer: Use HttpUtils instead of > BaseCmd commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavBaseCmd: Use HttpUtils to have single source of > static... commit | commitdiff | tree | snapshot > 10 hours ago Rohit Yadavutils: refactor HTTP transport stuff to > HttpUtils commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiServletTest: Fix test, now login/logout have > their... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavAPIAuthenticator: refactor signature of > APIAuthenticato... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiServlet: move setting of response type up in > the... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiXmlDocWriter: get rid of hardcoded > login/logout... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiServlet: use the new and refactored > authentication... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiXmlDocWriter: remove hardcoded login and > logout... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiResponseSerializer: Skip extra boxing for > Auth responses commit | commitdiff | tree | snapshot > 10 hours ago Rohit Yadavresponse: add command response for login and > logout... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavAPIAuthenticationManagerImpl: add the auth > manager... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavDefaultLoginAPIAuthenticatorCmd: Refactor and > implement... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavDefaultLogoutAPIAuthenticatorCmd: Refactor and > implemen... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavAPIAuthenticationManager: Add Auth manager > definition commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavAPIAuthenticationType: Add auth enum type, login > or... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavAPIAuthenticator: Add interface definition for > the... commit | commitdiff | tree | snapshot > 10 hours ago Rohit Yadavsaml2: add opensaml as dependency commit | > commitdiff | tree | snapshot > 10 hours ago Rohit Yadavcommands.properties: add > login,logout,samlsso,samlslo... commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiErrorCode: Add API error code 401, 405 > commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavApiConstants: add Api constant registered > commit | commitdiff | tree | snapshot > 10 hours ago Rohit Yadavsaml2: add spring security saml2 extension > 1.0.0.RELEASE commit | commitdiff | tree | snapshot > 10 hours ago Rohit Yadavclient: add saml2 plugin dependency on client > artifact commit | commitdiff | tree | snapshot > 10 hours ago Rohit YadavCLOUDSTACK-7083: Add SAML2 SSO plugin skeleton > and... commit | commitdiff | tree | snapshot > > > Are these commits related to the refactor you are talking about here? Why > are they not going through some merge request? > > Thanks > -min > > On 8/12/14 2:10 AM, "Rohit Yadav" <rohit.ya...@shapeblue.com> wrote: > >> This was done: >> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Authentication+Refa >> ctoring >> >> This is the branch: >> https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;a=shortlog;h=refs >> /heads/auth-refactor >> >> Updates: >> - Every auth mechanism now implements as a APICommand but these are >> special APIs are not allowed to execute, i.e. the execute() method >> returns with an error >> - Existing tests were fixed >> - We no longer need to hardcode login/logout for doc generation etc. >> - Api discovery now has login/logout docs etc as well >> - Since these APIs are tightly coupled with cloud-server artifact, except >> for responses all the interface definitions etc are within cloud-server >> - This allows for implementation of other login mechanisms such as saml, >> oauth, something-custom etc. though implementing it as a plugin is still >> tricky now >> >> I¹ve tested UI and cloudmonkey on port 8080 and 8096, with apikey/secret >> keys but would welcome help around this area from anyone. I¹ll merge the >> branch later this week if no one objects. >> >> Cheers. >> >> On 12-Aug-2014, at 5:50 am, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: >> >>> Hi, >>> >>> The way we handle login and logout is hardcoded and since there is no >>> APICommand/BaseCmd implementation the apidoc, apidiscovery and other >>> don¹t discover these apis. For supporting SAML as an authentication >>> mechanism, I¹ve refactored the Auth mechanism as a pluggable service >>> that loads with api-server artifact and both login and logout are now >>> implemented as a pseduo BaseCmd classes. >>> >>> I call them pseudo because their execute() is never called, the >>> authentication guards in ApiServlet class make sure we call an >>> authenticate method of such classes. Since, they are tightly coupled >>> with cloud-server¹s ApiServlet it only made sense to have the interface >>> definition and implementation within the same package/artifact as well. >>> This also solves the apidoc issue for login/logout and saml related auth >>> apis. >>> >>> I¹ll merge them after sometime and continue working on saml stuff. Will >>> push the code in the branch ³auth-refactor² in an hour for >>> review/testing now. This does not break anything and should not cause >>> any auth related issues for all existing clients. >>> >>> Any suggestions, feedback welcome! Refactoring was pretty straight >>> forward but I¹ll make sure to write a wiki page on this before merging >>> to master. >>> >>> Regards, >>> Rohit Yadav >>> Software Architect, ShapeBlue >>> M. +41 779015219 | rohit.ya...@shapeblue.com >>> Blog: bhaisaab.org | Twitter: @_bhaisaab >>> >>> >>> >>> Find out more about ShapeBlue and our range of CloudStack related >>> services >>> >>> IaaS Cloud Design & >>> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >>> CSForge rapid IaaS deployment framework<http://shapeblue.com/csforge/> >>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >>> CloudStack Infrastructure >>> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >>> CloudStack Bootcamp Training >>> Courses<http://shapeblue.com/cloudstack-training/> >>> >>> This email and any attachments to it may be confidential and are >>> intended solely for the use of the individual to whom it is addressed. >>> Any views or opinions expressed are solely those of the author and do >>> not necessarily represent those of Shape Blue Ltd or related companies. >>> If you are not the intended recipient of this email, you must neither >>> take any action based upon its contents, nor copy or show it to anyone. >>> Please contact the sender if you believe you have received this email in >>> error. Shape Blue Ltd is a company incorporated in England & Wales. >>> ShapeBlue Services India LLP is a company incorporated in India and is >>> operated under license from Shape Blue Ltd. Shape Blue Brasil >>> Consultoria Ltda is a company incorporated in Brasil and is operated >>> under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company >>> registered by The Republic of South Africa and is traded under license >>> from Shape Blue Ltd. ShapeBlue is a registered trademark. >> >> Regards, >> Rohit Yadav >> Software Architect, ShapeBlue >> M. +41 779015219 | rohit.ya...@shapeblue.com >> Blog: bhaisaab.org | Twitter: @_bhaisaab >> >> >> >> Find out more about ShapeBlue and our range of CloudStack related services >> >> IaaS Cloud Design & >> Build<http://shapeblue.com/iaas-cloud-design-and-build//> >> CSForge rapid IaaS deployment framework<http://shapeblue.com/csforge/> >> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> >> CloudStack Infrastructure >> Support<http://shapeblue.com/cloudstack-infrastructure-support/> >> CloudStack Bootcamp Training >> Courses<http://shapeblue.com/cloudstack-training/> >> >> This email and any attachments to it may be confidential and are intended >> solely for the use of the individual to whom it is addressed. Any views >> or opinions expressed are solely those of the author and do not >> necessarily represent those of Shape Blue Ltd or related companies. If >> you are not the intended recipient of this email, you must neither take >> any action based upon its contents, nor copy or show it to anyone. Please >> contact the sender if you believe you have received this email in error. >> Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue >> Services India LLP is a company incorporated in India and is operated >> under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is >> a company incorporated in Brasil and is operated under license from Shape >> Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of >> South Africa and is traded under license from Shape Blue Ltd. ShapeBlue >> is a registered trademark. Regards, Rohit Yadav Software Architect, ShapeBlue M. +41 779015219 | rohit.ya...@shapeblue.com Blog: bhaisaab.org | Twitter: @_bhaisaab Find out more about ShapeBlue and our range of CloudStack related services IaaS Cloud Design & Build<http://shapeblue.com/iaas-cloud-design-and-build//> CSForge – rapid IaaS deployment framework<http://shapeblue.com/csforge/> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/> CloudStack Infrastructure Support<http://shapeblue.com/cloudstack-infrastructure-support/> CloudStack Bootcamp Training Courses<http://shapeblue.com/cloudstack-training/> This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company registered by The Republic of South Africa and is traded under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
