Meican should have means to authorize certain user to only see certain domains

atlanticwave-sdx / sdx-meican

Other

0 stars 1 forks source link

Meican should have means to authorize certain user to only see certain domains #59

Open italovalcy opened 1 month ago

italovalcy commented 1 month ago

As we discussed on AHM Aug 2024, it would be interesting to authorize certain users to visualize only certain domains. Each topology object already include the domain which that object belongs. Meican can leverage that information and the Meican Admin could allow certain users to see certain domains.

SDX-Controller will provide an API for listing the domain.

usmanazFIU commented 1 week ago

@italovalcy this is the API @congwang09 gave me http://aw-sdx-controller.renci.org:8081/SDX-Controller/ui/#/topology/get_topology. I am not sure how to use this API in achieving what is discussed above.

usmanazFIU commented 1 week ago

the topology object contains an attribute "name": "Ampath-OXP", is it something to do with that?

italovalcy commented 1 week ago

@italovalcy this is the API @congwang09 gave me http://aw-sdx-controller.renci.org:8081/SDX-Controller/ui/#/topology/get_topology. I am not sure how to use this API in achieving what is discussed above.

Usman,

I saw another API endpoint there which seems to fit better our needs: http://aw-sdx-controller.renci.org:8081/SDX-Controller/ui/#/topology/get_topology_domains

This idea basically is

get a list of all domains from SDX-Controller
have an screen on Mexican which allow the Meican Admin to authorize certain user to have access to certain domains (based on the output from item 1) -- by default the user has access to everything, unless the Meican Admin change that to only have access to listed domains
when displaying the topology, only Nodes, Ports and Links that belong to a authorized domain should be displayed to the user
When creating L2VPN, the user will be allowed to create services when the endpoint is authorized

usmanazFIU commented 1 week ago

referring to point no 3 : in the toplogy JSON which attribute identifies that the port and nodes belongs to a particular domain?

italovalcy commented 1 week ago

referring to point no 3 : in the toplogy JSON which attribute identifies that the port and nodes belongs to a particular domain?

the ID. For instance:

  "nodes": [
    {
      "name": "Sax01",
      "id": "urn:sdx:node:sax.net:Sax01",
      "location": {
        "address": "Fortaleza",
        "latitude": -3,
        "longitude": -40,
        "iso3166_2_lvl4": "BR-CE",
        "private": []
      },
      "ports": [
        {
          "id": "urn:sdx:port:sax.net:Sax01:41",
          "name": "Sax01-eth41",
          "node": "urn:sdx:node:sax.net:Sax01",
          "type": "10GE",
          "status": "up",
...

In the case above, the node id is urn:sdx:node:sax.net:Sax01 which means this node particularly belongs to the domain sax.net. Same applies for the port urn:sdx:port:sax.net:Sax01:41, this port belongs to sax.net domain