Juca, I think Lucas is correct, Alerts has the multi-tenancy model
built in and so requires a tenantId on everything. We already have a
standalone distribution (for use outside of Hawkular) that drives off of
the Hawkular-Tenant header, so I guess we would just continue to use
that mechanism in all cases. I guess that means we may drop the
h-accounts dependency but I will discuss further with Lucas and we'll
continue to monitor the accounts changes.
Lucas, this may further drive the need for schema refactoring because if
we only receive a single tenant on everything coming from MIQ, we will
get very little data distribution.
On 4/25/2016 3:31 AM, Lucas Ponce wrote:
----- Mensaje original -----
> De: "Juraci Paixão Kröhling" <jpkroehling(a)redhat.com>
> Para: "Lucas Ponce" <lponce(a)redhat.com>, "Discussions around
Hawkular development" <hawkular-dev(a)lists.jboss.org>
> Enviados: Lunes, 25 de Abril 2016 9:22:21
> Asunto: Re: [Hawkular-dev] What are your Authentication and Authorization needs?
> On 25.04.2016 09:13, Lucas Ponce wrote:
>> For alerting, all model is tenant-based, and I don't see that aspect is
>> going to change (or we can change it without a major refactor).
> There won't be any more tenancy information coming from Accounts,
> because there won't be any tenancy information coming to Accounts :) I'm
> afraid you'd have to change it.
>> So, no new security requeriments from this component, internally we work
>> with the tenant that is translated from hawkular accounts (or taken from a
>> header in standalone scenarios).
> Your clients (MiQ, Ruby gem, UI, ...) will have to know about tenants
> and send it to Alerts on the payload. Accounts won't touch it.
> If you (and other components) *require* tenancy information for some
> concrete use case, we might discuss how we could handle it in a common
> way to all components. Otherwise, I'd just assume that the same
> requirement you had for multi tenancy went away when the requirement for
> multi tenancy on Accounts went away.
> - Juca.
So, if I interpret correctly, it seems that the change will be that we should handle the
tenant aspect explictly as we do for standalone scenarios.
Well, that's not a big change at all, I think we covered that usecase with the
hawkular-dev mailing list