On Thu, Mar 31, 2011 at 07:14:12PM +0800, Daniel Veillard wrote:
> On Thu, Mar 31, 2011 at 11:30:03AM +0100, Daniel P. Berrange wrote:
> > On Wed, Mar 30, 2011 at 09:50:19PM +0800, Daniel Veillard wrote:
> > > On Wed, Mar 30, 2011 at 09:39:14PM +0800, Osier Yang wrote:
> > > > For these situations, we need to do checking and throw
> > > > straightforward warnings to tell user why it can't be
> > > > removed/wiped.
> > >
> > > I would rather make this a flag of virDomainUndefine(), except
> > > there is no flag argument for it :(
> >
> > I don't think this is a good idea. Applications should directly call
> > the storage APIs for this, so that when we add RBAC support to
> > our APIs, we get correct access control checks on *each* volume
> > being deleted / wiped. We won't want the 'undefine' API for a VM
> > to be side-stepping the volume access controls.
>
> Well if the user doesn't have the resource to wipe all the volumes,
> fail the operation. Simple things should stay simple even if we allow
> for more complex ones.

Error reporting is an even bigger problem, because if wiping some vols
failed, but others succeeded, it is impossible for the caller to know
what was actually done.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
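
The caller-side approach argued for in this thread, as an added example that is not part of the original messages and not libvirt's own code: each volume goes through the storage API individually and gets its own recorded outcome. The function name, the return shape and the "keep the domain unless every volume succeeded" policy are assumptions of this sketch; the connection, volume and domain methods are those of the libvirt-python bindings.

```python
# Added illustration; not code from libvirt or from the thread.
try:
    import libvirt  # libvirt-python bindings, if installed
    LibvirtError = libvirt.libvirtError
except ImportError:  # lets the sketch run offline against a stand-in connection
    LibvirtError = Exception


def wipe_volumes_then_undefine(conn, domain_name, volume_paths):
    """Wipe and delete each volume through the storage API, then undefine.

    Returns (results, undefined): results maps each path to "done" or to
    "failed at <step>: <error>", so the caller knows exactly what was done.
    (Hypothetical helper; name and return shape are assumptions.)
    """
    results = {}
    for path in volume_paths:
        step = "lookup"
        try:
            # Each call is a separate storage API request, so any access
            # control on volumes is evaluated for this volume specifically.
            vol = conn.storageVolLookupByPath(path)
            step = "wipe"
            vol.wipe(0)
            step = "delete"
            vol.delete(0)
            results[path] = "done"
        except LibvirtError as err:
            results[path] = "failed at %s: %s" % (step, err)

    # Policy chosen for this sketch: keep the domain definition unless every
    # volume was handled, so the remaining volumes stay discoverable.
    if any(status != "done" for status in results.values()):
        return results, False
    conn.lookupByName(domain_name).undefine()
    return results, True
```
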