Jump to: navigation, search

Trove/datastore-visibility

< Trove
Revision as of 21:40, 19 May 2014 by Iccha-sethi (talk | contribs) (ReST API)

Description

This blueprint suggests adding a visibility attribute to the datastore versions. This enables the datastore to be still active, but not visible to the users.

Blueprint: https://blueprints.launchpad.net/trove/+spec/datastore-visibility

Justification/Benefits

There might be some datastores, which the deployers require to be active but not visible to customers in production environment. This visibility flag ensures that only the datastore versions which have been marked as public are visible in the list. Example use case: Say we want to have an active datastore A in production and not expose it to customers yet. The visibility flag will ensure it is visible on the datastore list call only to admins.

Impacts

Configuration

None

Database

This involves

  • database migration of adding a column visibility to the datastore_versions table.
  • new table datastore_version_members which columns - id, datastore_version_id, tenant

ReST API

A. visibility attribute to the datastore version. It can be public/private.
B. adding a datastore version members table to add tenants for private datastores.

(1) If visibility is public, then
all users 

*can view it in the list and 
*make a GET call on the datastore version

all admin 

*can view it in the list and 
*make a GET call on the datastore version



(2) If visibility is private, then
users who are members of the datastore version 

*can view it in the list and 
*make a GET call on the datastore version

all admin 

*can view it in the list and 
*make a GET call on the datastore version
*add and remove tenants as members of a datastore version



Admin calls related to datastore version members
1. Add a member
POST /{tenant_id}/datastores/{datastore}/versions/{id}/members
{"member": "<TENANT_ID>"}

2. Delete a member
DELETE /{tenant_id}/datastores/{datastore}/versions/{id}/members/{member_id}

3. Get a member
GET /{tenant_id}/datastores/{datastore}/versions/{id}/members/{member_id}

Response:
{ "datastore_version_members": { "id": "<MEMBER_ID>", "datastore_version_id": "<DATASTORE_VERSION_ID>", "member": "<TENANT_ID>" } }

4. List members for datastore version
GET /{tenant_id}/datastores/{datastore}/versions/{id}/members
Response:
{ "datastore_version_members":[ { "id": "<MEMBER_ID>", "datastore_version_id": "<DATASTORE_VERSION_ID>", "member": "<TENANT_ID>" }, { "id": "<MEMBER_ID>", "datastore_version_id": "<DATASTORE_VERSION_ID>", "member": "<TENANT_ID>" }] }

5. Get members by tenant id
GET /{tenant_id}/datastores/{datastore}/versions/members/{tenant_id}

Response:
{ "datastore_version_members":[ { "id": "<MEMBER_ID>", "datastore_version_id": "<DATASTORE_VERSION_ID>", "member": "<TENANT_ID>" }, { "id": "<MEMBER_ID>", "datastore_version_id": "<DATASTORE_VERSION_ID>", "member": "<TENANT_ID>" }] }

Comments/Questions From Community

FAQ:

(1) Why is the flag a string visibility vs a boolean is_public?
In glance, we have is_public as a boolean flag. But as we started introducing new features like image sharing, we realized that having a boolean made it harder to add more visibility related features. Hence, in order to keep it extensible, the visibility flag. The currently supported values for it will be 'public' which are visible to users and 'private' which are not visible to users.

(2)What happens if a user that is not added as a member tries to create an instance with a datastore version whose visibility is private,i.e. gets hold of the UUID of the hidden datastore version?
The create will fail. It will behave like the datastore version does not exist.

Retrieved from "https://wiki.openstack.org/w/index.php?title=Trove/datastore-visibility&oldid=52724"