search

apache / trafficcontrol

Apache Traffic Control is an Open Source implementation of a Content Delivery Network
https://trafficcontrol.apache.org/
Apache License 2.0
1.06k stars 340 forks source link

[TC-470] Profile&parameters Tenancy #935

Open limited opened 7 years ago

limited commented 7 years ago

We have recently added "tenancy" to the project.
With tenancy, every resource have a tenant, where resource can be a delivery-service, a server (future) and even a user.
We are now starting to enforce access-control based on the resource tenancy. A user can manage a resource only if the resource is under the user tenancy.

This JIRA deals with "profiles&parameters as a resource" - adding the tenancy to these objects and enforcing access control for their management. It is required for completeing the DS tenancy phase, as the DS points to a profile that we would not like out of tenant users to modify.
We still need to finalize the specification of this access control, and it would not be included in the first phase of tenancy introduction.

Author: Nir Sopher JIRA Link: https://issues.apache.org/jira/browse/TC-470

mitchell852 commented 3 years ago

We can potentially extend tenancy to profiles of type=DS profiles but extending it to all profiles/parameters goes against the design of TC where servers/profiles/parameters are intended to be used across the entire system. thoughts @nir-sopher ?

nir-sopher commented 3 years ago

Hi Jeremy, This is indeed a delicate issue. The final target I had in mind is that everything has tenancy. There are tenants that deals with DSes and Tenants that deal with infra. For now the infra does not need tenancy. I would try to have 2 different type of profiles/parameters: ds and infra. DS profiles/parameters tenancy is enforced while infra profiles/parameters tenancy isn't.

On Tue, Nov 17, 2020, 18:35 Jeremy Mitchell notifications@github.com wrote:

We can potentially extend tenancy to profiles of type=DS profiles but extending it to all profiles/parameters goes against the design of TC where servers/profiles/parameters are intended to be used across the entire system. thoughts @nir-sopher https://github.com/nir-sopher ?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/apache/trafficcontrol/issues/935#issuecomment-729047734, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFY2IYEKKAIDJKNQL6BE6RTSQKQ3RANCNFSM4DYXOXPQ .