[one-users] Instanciate cloned templates with restricted attributes

[Simon Boulet]

How can a user instantiate a cloned template that contains restricted
attributes?

My experiments shows that restricted attributes prevent templates owned by
a group other than the oneadmin group from being instantiated if it
contains a restricted attribute. A user could successfully Clone a oneadmin
template that as a restricted attributes, but it wont be able to
instantiate unless it deletes the restricted attribute from the template
before instantiating it.

In my use case, say I want to force my users in using uniform VM types that
have a set amount of MEMORY and CPU, while still allowing them to
instantiate templates with custom CONTEXT attributes. My first thought was
to set the MEMORY and CPU attributes as restricted. But, it wont work,
because my users while being allowed to Clone a template and set the
CONTEXT attributes they want, won't be able to instantiate their final
template, because their template also contains the MEMORY and CPU
attributes from the original source template they cloned.

Any clues how I can achieve that?

I thought one option could be to add a 4th parameter to the
one.template.instantiate API call to allow users to pass attributes to be
merged with the template. Those attributes could be matched against the
list of restricted attribute, and if no restricted attributes are found,
the attributes would be merged against the source template before being
instantiated.

Thanks

Simon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20121216/771aa5cf/attachment.htm>