servicecatalog / oscm

An Enterprise-ready Cloud Services Management Software.
https://openservicecatalogmanager.org
Apache License 2.0
38 stars 14 forks source link

Approval trigger for other organizations #271

Closed GoebelL closed 4 years ago

GoebelL commented 5 years ago
  1. Check if and which users can be assigned to approve subscriptions of other customer organizations.
GoebelL commented 5 years ago

Generally OSCM triggers can be approved by administrators of the organization owning the process. For suspending subscription triggers this is the organization of the customer who creats the subscription. This is based on fundamental design of organizations and multi-tenancy isolation in OSCM.

Nevertheless, OSCM provides for building approval workflows, which can span across different organization units. OSCM provides for organization units as structuring elements of an organization. This allows for modelling organization structures with many units, like an enterprise organization with many divisions and departments, where each unit can act in their own scope. Every organization unit in OSCM has one or more unit administrators, who each are responsible for administrating the users, subscriptions and services within their respective unit.

Using organization units allows to integrate subscription approval processes in OSCM, which involve different parties. For example: A subscription manager requests a IaaS subscription for the IT department unit, which has to be approved from the Account Management unit. First after the approval is granted the service is available for the IT unit.

GoebelL commented 5 years ago

It might be a viable idea to enhance the OSCM trigger handling in direction to support an external approval flow that works in following steps:

  1. The service manager S of a supplier organization defines 'create subscription trigger' definition in the administration portal
  2. The subscription manager or administrator SM of a customer organization subscribes a service from supplier S in the marketplace
  3. The requested subscription is supended and waiting for approval
  4. A trigger process is created for the supplier that is presented to the service manager S in the administration portal
  5. For the approval, the service manager S locates the waiting trigger process for the subscription in the administration portal and uses the respective approve link.
  6. The subscription is created in status 'active' and accessible for the customer in the marketplace portal

Such change request is feasable with a moderate effort.

farmakiG commented 5 years ago

The two following options were considered for offering the requested feature:

  1. Provide an external tool for approvals for suppliers.
  2. Extend the existing OSCM functionality and portal to provide approvals for suppliers.

The effort for extending the OSCM functionality is moderate and the changes do not affect any external interface Web Service or REST Service, so it has been decided to follow the second option.

The required conceptual changes can be summarized as follows:

  1. The Trigger Type “SUBSCRIBE_TO_SERVICE” will be allowed for Suppliers.
  2. The approve action will be allowed for the role SERVICE_MANAGER.
  3. Furthermore, the approve action will be enhanced as follows: in case the caller is a supplier, it will check if the trigger process to be approved really belongs to one of the supplier’s waiting customer subscriptions.
  4. There will be an additional “Approve” button in the Account->Processes page in the marketplace.
  5. Alternatively (or additionally), a new menu entry and page “Approve Subscription” will be provided in the “Customer” area in the classic portal.

The effort for implementing the required code changes and tests has been estimated to two weeks.

GoebelL commented 4 years ago

See https://github.com/servicecatalog/oscm-approval