papazach
commented
6 days ago Going through the API Reference docs I noticed some important points that at a glance seem incompatible with our auth/operation model and that we should definitely look into further.
The flow creating the subscription to Netdata Cloud after successful customer purchase looks as follows:
So in a nutshell the after the customer action (aka purchase) we will get a callback with some information, we will need to create entities/bindings etc and then respond with a predefined payload that includes credentials to acually access the SaaS that the customer purchased.
Issues / Questions
A) The request parameters do not include a customer email (issue no. 1). The closest identifier that is included is aliUid that is
The unique ID of the Alibaba Cloud account that purchases the SaaS productWe have no way to translate that to the underlying email. Looking at the Alibaba Cloud APIs we could do that only if we were ... the actual customer and had issued API credentials.
B) This is just a callback, it is not a customer redirection similar to the AWS integration. So we should synchronously create everything needed in our systems and respond. So the customer will not do anything here we will need to create everything behind the scenes and just return in the response credential information (more on that on point C). So the issue no. 2 here is kinda bigger aka:
- The customer will not be given the chance to attach the subscription to an existing space. The customer will not even be able to choose a space. We could theoretically create a new account on his behalf and attach it to its default space.
- But how are we going to create an account without an email (issue no.1) ? Everything account related from our side is connected to an email.
C) In the response we need to return a subscription identifier (that is ok) and an appInfo payload to access the newly purchased and created account and space.
appInfo looks like this:
The 2 issues I see with that are:
password: We do not even use passwords. We only have magic links and SSO aka password-less methods.authUrl: The docs mention that as:
The URL for logging on the SaaS product without authentication.We currently have no way to issue such a URL, but this could be the only issue that we could tackle.
Nevertheless, looking into the actual user-facing SaaS purchase journey here, I understand that we could only return the authUrl and the user would login directly from there.
Blockers
So finally I can summarize the blockers for this 1st flow in two major points:
- We have no customer email. We will need to reach out to an Alibaba Marketplace rep and ask if there is any way to retrieve it somehow. If not I think this is kinda of a show stopper or we need to rethink/rework our auth layer to work with usernames (?)
- The customer is not setting up his account/space himself, we should do it on his behalf. This means that Alibaba Marketplace purchases will only create a new account and attach the subscription to the default space of that account. What we could potentially do would be to also check if an account already exists with that given email (I take for granted that we obtained it somehow from point 1.) and attach it that account's default space.
Any thoughts/comments are welcome @ralphm / @juacker, @car12o / @sashwathn
Problem
We need to be on the Alibaba Cloud Global Marketplace.
Description
In our attempt to expand our partnerships, we intend to have Netdata listed and integrated with the Alibaba MarketPlace, allowing users to:
This will require an SPI integration and the documentation to this is available here https://www.alibabacloud.com/help/en/marketplace/spi-reference/ The main aspects that we need to identify and support are:
cc: @papazach @shyamvalsan @ktsaou
Importance
must have
Value proposition
Proposed implementation
No response