Create multi-attribute based endpoint groups for projects and user assignments
The Multi-Attribute Endpoint Grouping proposal allows endpoints to be grouped accordingly to one or more characteristics. For instance endpoints can be located in different regions, and for this reason it could be beneficial group them using this attribute. At the same time there could be endpoints that are administrative in nature and should be used by admins only regardless of their geographical location. Using this proposal it would be possible to create a USAdmin, EuropeAdmin and AsiaAdmin groups to include all the endpoints that follow the above mentioned characteristics.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- Medium
- Drafter:
- Fabio Giannetti
- Direction:
- Needs approval
- Assignee:
- Bob Thyne
- Definition:
- New
- Series goal:
- Accepted for juno
- Implementation:
-
Implemented
- Milestone target:
-
2014.2
- Started by
- Steve Martinelli
- Completed by
- Dolph Mathews
Related branches
Related bugs
Sprints
Whiteboard
Addressed by: https:/
Addressed by: https:/
Addressed by: https:/
implements bp multi-attribute
The introduction of a Multi-Attribute Grouping for Services' Endpoints brings several benefits:
1) Endpoints now have a semantic association that distinguishes them from other endpoints for the role they play (e.g. Administration, Computing, RegionA, etc...)
2) Endpoints can belong to several groups. This increases the level of granularity and visibility of Endpoints to different users reducing the amount of explicit relationships.In this case, for instance, certain endpoints should be visible to storage service users but only in the region they are located. It is now possible to create a Storage group and a RegionA, RegionB and RegionC groups and associate relevant endpoints to both. To enforce that a User1 in RegionB sees only the Storage endpoints the query will use the two attributes to find the relevant endpoints in the compound group.
3) Projects and Users within a project, can now be associated with Endpoints' Groups defining the users that are granted to use only the resources assigned to them.
*** CRUD for Endpoint-Groups
1. Create Endpoint-Group data
POST /endpoint-groups/
The payload of the request will have the following JSON structure:
{ endpoint-group: {
name : <name>,
filters : {
}
}
}
2. Read Endpoint-Group data
GET /endpoint-
This will return the following JSON in the response body
{ endpoint-group: {
id : <id>,
name : <name>,
filters : {
}
}
}
3. Update Endpoint-Group
PATCH /endpoint-
The payload of the request will have the following JSON structure:
{ endpoint-group: {
id : <id>,
name : <name>,
filters : {
}
}
}
4. Delete Endpoint-Group
DELETE /endpoint-
*** List all the existing Endpoint-Groups
This API will return all the existing groups
GET /endpoint-groups
This will return the following JSON in the response body
{ endpoint-groups:
{ endpoint-group: {
id : <id>,
name : <name>,
filters : {
}
}
},
...
{ endpoint-group: {
id : <id>,
name : <name>,
filters : {
}
}
}
}
*** Projects to Endpoint-Group associations API
1. Create the association between project and Endpoint-Group
PUT /projects/
2. Check to see if the project is associated with the given Endpoint-Group
HEAD /projects/
3. List all the Endpoint-Groups associated with a project
GET /projects/
4. Remove an association between Endpoint-Group and project.
DELETE /projects/
*** Create Endpoint-Group Grant to User on Project APIs
1. Create Endpoint-Group Grant to User on Project
PUT /projects/
2. Check Endpoint-Group Grant to User on Project
HEAD /projects/
3. List all the Endpoint-Groups associated with a project
GET /projects/
4. Remove an association between Endpoint-Group and project.
DELETE /projects/
*** List all the Endpoints associated with a Endpoint-Group
This will return a list of endpoints that are associated with a particular Endpoint-Group. This means that the endpoints matches all the attribute values (and relationship) that are expressed in the Endpoint-Group's filters.
GET /endpoint-
*** List all the Projects associated with a Endpoint-Group
This will return a list of projects that are associated with a particular Endpoint-Group. This means that the projects have been specifically linked to this Endpoint-Group.
GET /endpoint-
Gerrit topic: https:/
Addressed by: https:/
Implementation of Endpoint Grouping
