[one-users] feature request: Instantiate as owner/group

Stefan Kooman stefan at bit.nl
Thu Feb 20 14:14:02 PST 2014

Quoting Carlos Martín Sánchez (cmartin at opennebula.org):
> Hi,
> On Mon, Feb 17, 2014 at 3:28 PM, Stefan Kooman <stefan at bit.nl> wrote:
> > Hi List,
> >
> > I would like to have the ability to instantiate a vm (or create one
> > based on a template) on behalf of a user and/or group. At submission
> > time oned/sched would check if the user has suitable permissions on all
> > of the resources defined in the template and otherwise fail, i.e.:  the
> > same way "servers authentication" work (section C, [1]).  Currently
> > you're able to chown the vm to a user/group but this does not ensure the
> > user has enough permissions to re-create or re-instantiate the same
> > template later on.
> >
> > Gr. Stefan
> >
> > [1]:
> >
> > http://docs.opennebula.org/stable/administration/authentication/external_auth.html?highlight=authentication
> Maybe this could be implemented as a special type of sunstone login,
> instead of an option to perform certain actions. So you could enter your
> oneadmin credentials + the username you want to log in as.

Basically a sudo like feature. Currently I'm instantiating most vm's
with sunstone but this will change in the future. We will be deploying
vm's with a "adm" tool talking to the XML-RPC interface (and our own
internal systems). In that case you would miss out on the "sudo"
feature. Cli would also benefit from having this functionality
implemented at a "lower" level.

Gr. Stefan

| BIT BV  http://www.bit.nl/        Kamer van Koophandel 09090351
| GPG: 0xD14839C6                   +31 318 648 688 / info at bit.nl

More information about the Users mailing list