Re: [geclipse-dev] Supporting AWS infrastructure in g-Eclipse

Hi there
And for S3
 - ACL management (think read/write access for S3 bucket)

My current solution would be to create a custom view to manage these
infrastructure elements.
        
no, at least not for ACLs, these go into the core UI stuff, they apply
to all middlewares!
      
elaborate please
    
well, sorry i was in a hurry and i thought it was clear enough ;-)
what i mean is that we do not want a middleware specific handling of ACLs,
all middlewares have some sort of ACLs in one place or another...

For instance gLite in SRM/LFC, on VOMS entries, GRIA on all services (ok, 
they call it PBAC), AWS on S3 buckets...

So my plan was simple, a context menu action "Manage access rights" (or 
manage permissions?) on all elements of the project tree which support 
ACLs which opens a dialog allowing to manage the ACLs

But you know it already anyway because you asked me via private email...
so... you should know that i already invested time investigating the
different use cases to support and that my results are summarized in the
few interfaces that i committed into core.accesscontrol
(ehy! they are even fully documented ;-)

Perhaps they are not general enough or you found them to be fully flawed, 
but instead of starting a discussion from zero you should have provided 
feedback!

And yes, i analyzed Amazon S3, GRIA PBAC, glite stuff,... and tried to look 
around a bit also.
  
This is a good thing... From your private mail i was under the impression that you sketched out something but didn't really have the time to do a proper implementation. Therefore i thought discussing this issue in public is a good thing to do. Furthermore it allows me/other people to see what is demanded of such a functionality from other aspects/middlewares of the geclipse project.

Speaking of ACL... this is only one part of the mail i wrote to start this thread. The administrative features i described for EC2 don't really fit into this right/write access schema. And actually those are the ones i wanted to get feedback on the most since i agree that the S3 ACLs are very much suited for a generic approach. To recap... these are the things i am concerned about in EC2:

- Keypair Management (allows login into an EC2 instance without password)
   Keypairs are created (registered) and deleted and by creating produce a pk file
- Security Management (think firewall)
   Security groups are created/deleted and rules are added to this group (open port 80 for ip 1.2.3.4)
- Elastic IPs (attached IP address which survives an instance restart)
   fixed ips are added to running instances

So any feedback on how to integrate these management functionalities?

greets
Moritz
