Juca, I think Lucas is correct: Alerts has the multi-tenancy model built in and so requires a tenantId on everything. We already have a standalone distribution (for use outside of Hawkular) that drives off of the Hawkular-Tenant header, so I guess we would just continue to use that mechanism in all cases. I guess that means we may drop the h-accounts dependency but I will discuss further with Lucas and we'll continue to monitor the accounts changes.

Lucas, this may further drive the need for schema refactoring because if we only receive a single tenant on everything coming from MIQ, we will get very little data distribution.


On 4/25/2016 3:31 AM, Lucas Ponce wrote:

----- Original Message -----
From: "Juraci Paixão Kröhling" <jpkroehling@redhat.com>
To: "Lucas Ponce" <lponce@redhat.com>, "Discussions around Hawkular development" <hawkular-dev@lists.jboss.org>
Sent: Monday, April 25, 2016 9:22:21
Subject: Re: [Hawkular-dev] What are your Authentication and Authorization needs?

On 25.04.2016 09:13, Lucas Ponce wrote:
For alerting, the whole model is tenant-based, and I don't see that aspect is
going to change (or we can change it without a major refactor).
There won't be any more tenancy information coming from Accounts,
because there won't be any tenancy information coming to Accounts :) I'm
afraid you'd have to change it.

So, no new security requirements from this component, internally we work
with the tenant that is translated from hawkular accounts (or taken from a
header in standalone scenarios).
Your clients (MiQ, Ruby gem, UI, ...) will have to know about tenants
and send it to Alerts on the payload. Accounts won't touch it.

If you (and other components) *require* tenancy information for some
concrete use case, we might discuss how we could handle it in a common
way to all components. Otherwise, I'd just assume that the same
requirement you had for multi tenancy went away when the requirement for
multi tenancy on Accounts went away.

- Juca.

So, if I interpret correctly, it seems that the change will be that we should handle the tenant aspect explicitly as we do for standalone scenarios.

Well, that's not a big change at all; I think we covered that use case with the Hawkular-Tenant header.
