From cc7e9eed7e1340729109983f79200557df22296b Mon Sep 17 00:00:00 2001 From: Sebastien Goasguen Date: Thu, 6 Jun 2013 09:29:57 -0400 Subject: [PATCH] [GSoC]: Added Ian Duffy's proposal to guide --- docs/en-US/CloudStack_GSoC_Guide.xml | 1 + docs/en-US/gsoc-imduffy15.xml | 395 +++++++++++++++++++++++++++ 2 files changed, 396 insertions(+) create mode 100644 docs/en-US/gsoc-imduffy15.xml diff --git a/docs/en-US/CloudStack_GSoC_Guide.xml b/docs/en-US/CloudStack_GSoC_Guide.xml index 91c2967fc45..b7ba61f8ee4 100644 --- a/docs/en-US/CloudStack_GSoC_Guide.xml +++ b/docs/en-US/CloudStack_GSoC_Guide.xml @@ -47,6 +47,7 @@ + diff --git a/docs/en-US/gsoc-imduffy15.xml b/docs/en-US/gsoc-imduffy15.xml new file mode 100644 index 00000000000..652152fcc4b --- /dev/null +++ b/docs/en-US/gsoc-imduffy15.xml @@ -0,0 +1,395 @@ + + +%BOOK_ENTITIES; +]> + + + + + Ians's 2013 GSoC Proposal + This chapter describes Ians 2013 Google Summer of Code project within the &PRODUCT; ASF project. It is a copy paste of the submitted proposal. +
+ LDAP user provisioning + + "Need to automate the way the LDAP users are provisioned into cloud stack. This will mean better + integration with a LDAP server, ability to import users and a way to define how the LDAP user + maps to the cloudstack users." + +
+
+ Abstract + + The aim of this project is to provide an more effective mechanism to provision users from LDAP + into cloudstack. Currently cloudstack enables LDAP authentication. In this authentication users + must be first setup in cloudstack. Once the user is setup in cloudstack they can authenticate + using their LDAP username and password. This project will improve Cloudstack LDAP integration + by enabling users be setup automatically using their LDAP credential + +
+
+ Deliverables + + + Service that retrieves a list of LDAP users from a configured group + + + Extension of the cloudstack UI "Add User" screen to offer user list from LDAP + + + Add service for saving new user it details from LDAP + + + BDD unit and acceptance automated testing + + + Document change details + + +
+
+ Quantifiable Results + + + + + Given + An administrator wants to add new user to cloudstack and LDAP is setup in cloudstack + + + When + The administrator opens the "Add User" screen + + + Then + A table of users appears for the current list of users (not already created on cloudstack) from the LDAP group displaying their usernames, given name and email address. The timezone dropdown will still be available beside each user + + + + + + + + + + Given + An administrator wants to add new user to cloudstack and LDAP is not setup in cloudstack + + + When + The administrator opens the "Add User" screen + + + Then + The current add user screen and functionality is provided + + + + + + + + + + Given + An administrator wants to add new user to cloudstack and LDAP is setup in cloudstack + + + When + The administrator opens the "Add User" screen and mandatory information is missing + + + Then + These fields will be editable to enable you to populate the name or email address + + + + + + + + + + Given + An administrator wants to add new user to cloudstack, LDAP is setup and the user being created is in the LDAP query group + + + When + The administrator opens the "Add User" screen + + + Then + There is a list of LDAP users displayed but the user is present in the list + + + + + + + + + + Given + An administrator wants to add a new user to cloudstack, LDAP is setup and the user is not in the query group + + + When + The administrator opens the "Add User" screen + + + Then + There is a list of LDAP users displayed but the user is not in the list + + + + + + + + + + Given + An administrator wants to add a group of new users to cloudstack + + + When + The administrator opens the "Add User" screen, selects the users and hits save + + + Then + The list of new users are saved to the database + + + + + + + + + + Given + An administrator has created a new LDAP user on cloudstack + + + When + The user authenticates against cloudstack with the right credentials + + + Then + They are authorised in cloudstack + + + + + + + + + + Given + A user wants to edit an LDAP user + + + When + They open the "Edit User" screen + + + Then + The password fields are disabled and cannot be changed + + + + + +
+
+ The Design Document + + + LDAP user list service + + + + name: ldapUserList + + + responseObject: LDAPUserResponse {username,email,name} + + + parameter: listType:enum {NEW, EXISTING,ALL} (Default to ALL if no option provided) + + + Create a new API service call for retreiving the list of users from LDAP. This will call a new + ConfigurationService which will retrieve the list of users using the configured search base and the query + filter. The list may be filtered in the ConfigurationService based on listType parameter + + + + LDAP Available Service + + + + name: ldapAvailable + + + responseObject LDAPAvailableResponse {available:boolean} + + + Create a new API service call veriying LDAP is setup correctly verifying the following configuration elements are all set: + + + ldap.hostname + + + ldap.port + + + ldap.usessl + + + ldap.queryfilter + + + ldap.searchbase + + + ldap.dn + + + ldap.password + + + + + + LDAP Save Users Service + + + + name: ldapSaveUsers + + + responseObject: LDAPSaveUsersRssponse {list]]>} + + + parameter: list of users + + + Saves the list of objects instead. Following the functionality in CreateUserCmd it will + + + Create the user via the account service + + + Handle the response + + + It will be decided whether a transation should remain over whole save or only over individual users. A list of UserResponse will be returned. + + + + Extension of cloudstack UI "Add User" screen + + + + Extend account.js enable the adding of a list of users with editable fields where required. The new "add user" screen for LDAP setup will: + + + Make an ajax call to the ldapAvailable, ldapuserList and ldapSaveUsers services + + + Validate on username, email, firstname and lastname + + + + + + Extension of cloudstack UI "Edit User" screen + + + + Extend account.js to disable the password fields on the edit user screen if LDAP available, specifically: + + + Make an ajax call to the ldapAvailable, ldapuserList and ldapSaveUsers services + + + Validate on username, email, firstname and lastname. Additional server validation will nsure the password has not changed + + + +
+
+ Approach + + To get started a development cloudstack environment will be created with DevCloud used to verify changes. Once the schedule is agreed with the mentor the deliverables will be broken into small user stories with expected delivery dates set. The development cycle will focus on BDD, enforcing all unit and acceptance tests are written first. + + + A build pipe line for continious delivery environment around cloudstack will be implemented, the following stages will be adopted: + + + + + + Stage + Action + + + + + Commit + Run unit tests + + + Sonar + Runs code quality metrics + + + Acceptance + Deploys the devcloud and runs all acceptance tests + + + Deployment + Deploy a new management server using Chef + + + + +
+
+ About me + + I am a Computer Science Student at Dublin City University in Ireland. I have interests in virtualization, +automation, information systems, networking and web development + + + I was involved with a project in a K-12(educational) environment of moving their server systems over +to a virtualized environment on ESXi. I have good knowledge of programming in Java, PHP and +Scripting langages. During the configuration of an automation system for OS deployment I experienced +some exposure to scripting in powershell, batch, vbs and bash and configuration of PXE images based +of WinPE and Debian. +Additionally I am also a mentor in an opensource teaching movement called CoderDojo, we teach kids +from the age of 8 everything from web page, HTML 5 game and raspberry pi development. It's really +cool. + + + I’m excited at the opportunity and learning experience that cloudstack are offering with this project. + +
+