Usage retrieval authorization was: Re: [abacus] Usage submission authorization


Piotr Przybylski <piotrp@...>
 

Does the user who would like to see their usage (e.g. services in the organization they own) need to have 'abacus.usage.read' scope as discussed below? 

Piotr


-----Saravanakumar A Srinivasan/Burlingame/IBM@IBMUS wrote: -----
To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev@...>
From: Saravanakumar A Srinivasan/Burlingame/IBM@IBMUS
Date: 10/15/2015 10:20PM
Subject: [cf-dev] Re: Re: Re: Re: Re: Re: Re: [cf-dev][abacus] Usage submission authorization

> what will be the scope for securing internal Abacus pipeline that Assk describes as system token ? 

It is 'abacus.usage.write'.

Updated my previous statements to make it more specific:

We have enabled scope based authorization for REST endpoints at usage collector and usage reporting service. While we are working on using system OAuth bearer access token at internal Abacus pipeline, Submitting usage to a secured Abacus needs a OAuth bearer access token with 'abacus.usage.write' system scope in addition to the resource provider specific scope(s) - 'abacus.usage.<resource_id>.write'.

Thanks,
Saravanakumar Srinivasan (Assk),


-----Piotr Przybylski/Burlingame/IBM@IBMUS wrote: -----
To: cf-dev@...
From: Piotr Przybylski/Burlingame/IBM@IBMUS
Date: 10/15/2015 09:50PM
Subject: [cf-dev] Re: Re: Re: Re: Re: Re: [cf-dev][abacus] Usage submission authorization

Makes sense, and just to complete - what will be the scope for securing internal Abacus pipeline that Assk describes as system token ? 

Piotr
 
 

----- Original message -----
From: Jean-Sebastien Delfino <jsdelfino@...>
To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev@...>
Cc:
Subject: [cf-dev] Re: Re: Re: Re: Re: [cf-dev][abacus] Usage submission authorization
Date: Thu, Oct 15, 2015 9:11 PM
 
Hey Piotr,
 
To read usage I believe you'll need 'abacus.usage.read', as 'abacus.usage.write' is for, well... writing.
 
P.S. That reminds me of a period of my life long time ago when I was a contractor for some big company and they had hired me to write code for them but had not given me the authorization to read the confidential code I was writing :)
 
- Jean-Sebastien
 
On Thu, Oct 15, 2015 at 7:28 PM, Piotr Przybylski <piotrp@...> wrote:
Assk,
can you confirm that the same scope (abacus.usage.write) is sufficient to retrieve usage ? 

Piotr
 
< ... snip ...> 




Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.