<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<font face="Calibri">Juca, I think Lucas is correct, Alerts has the
multi-tenancy model built in and so requires a tenantId on
everything. We already have a standalone distribution (for use
outside of Hawkular) that drives off of the Hawkular-Tenant
header, so I guess we would just continue to use that mechanism in
all cases. I guess that means we may drop the h-accounts
dependency but I will discuss further with Lucas and we'll
continue to monitor the accounts changes.<br>
<br>
Lucas, this may further drive the need for schema refactoring
because if we only receive a single tenant on everything coming
from MIQ, we will get very little data distribution.<br>
<br>
</font><br>
<div class="moz-cite-prefix">On 4/25/2016 3:31 AM, Lucas Ponce
wrote:<br>
</div>
<blockquote
cite="mid:62209943.4681477.1461569516237.JavaMail.zimbra@redhat.com"
type="cite">
<pre wrap="">
----- Mensaje original -----
</pre>
<blockquote type="cite">
<pre wrap="">De: "Juraci Paixão Kröhling" <a class="moz-txt-link-rfc2396E" href="mailto:jpkroehling@redhat.com"><jpkroehling@redhat.com></a>
Para: "Lucas Ponce" <a class="moz-txt-link-rfc2396E" href="mailto:lponce@redhat.com"><lponce@redhat.com></a>, "Discussions around Hawkular development" <a class="moz-txt-link-rfc2396E" href="mailto:hawkular-dev@lists.jboss.org"><hawkular-dev@lists.jboss.org></a>
Enviados: Lunes, 25 de Abril 2016 9:22:21
Asunto: Re: [Hawkular-dev] What are your Authentication and Authorization needs?
On 25.04.2016 09:13, Lucas Ponce wrote:
</pre>
<blockquote type="cite">
<pre wrap="">For alerting, all model is tenant-based, and I don't see that aspect is
going to change (or we can change it without a major refactor).
</pre>
</blockquote>
<pre wrap="">
There won't be any more tenancy information coming from Accounts,
because there won't be any tenancy information coming to Accounts :) I'm
afraid you'd have to change it.
</pre>
<blockquote type="cite">
<pre wrap="">So, no new security requeriments from this component, internally we work
with the tenant that is translated from hawkular accounts (or taken from a
header in standalone scenarios).
</pre>
</blockquote>
<pre wrap="">
Your clients (MiQ, Ruby gem, UI, ...) will have to know about tenants
and send it to Alerts on the payload. Accounts won't touch it.
If you (and other components) *require* tenancy information for some
concrete use case, we might discuss how we could handle it in a common
way to all components. Otherwise, I'd just assume that the same
requirement you had for multi tenancy went away when the requirement for
multi tenancy on Accounts went away.
- Juca.
</pre>
</blockquote>
<pre wrap="">
So, if I interpret correctly, it seems that the change will be that we should handle the tenant aspect explictly as we do for standalone scenarios.
Well, that's not a big change at all, I think we covered that usecase with the Hawkular-Tenant header.
_______________________________________________
hawkular-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:hawkular-dev@lists.jboss.org">hawkular-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/hawkular-dev">https://lists.jboss.org/mailman/listinfo/hawkular-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>