Locked Files for Cartridges in a Multi-Tenant Platform-as-a-Service (PaaS) System

US 20150193452A1
Filed: 02/19/2014
Published: 07/09/2015
Est. Priority Date: 01/09/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying, by a processing device of a multi-tenant Platform-a-a-Service (PaaS) system, an operation requested to be performed by the multi-tenant PaaS system;

determining, by the processing device, access contexts for the operation with respect to a cartridge associated with the identified operation, the access context comprising a user or component that is attempting to access a file of the cartridge for the identified operation;

accessing, by the processing device, a locked files manifest of the cartridge, the locked files manifest identifying at least one of files or directories of the cartridge to which a cartridge author of the cartridge restricts access to application developers utilizing the cartridge to execute an application; and

applying, by the processing device, access permissions to the cartridge according to the determined access contexts and the locked files manifest.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Implementations for locked files for cartridges in a multi-tenant Platform-as-a-Service (PaaS) system are disclosed. A method of the disclosure includes identifying, by a processing device of a multi-tenant Platform-a-a-Service (PaaS) system, an operation requested to be performed by the multi-tenant PaaS system, determining access contexts for the identified operation with respect to a cartridge associated with the operation, the access context comprising a user or component that is attempting to access a file of the cartridge for the identified operation, accessing a locked files manifest of the cartridge, the locked files manifest identifying at least one of files or directories of the cartridge to which a cartridge author of the cartridge restricts access to application developers utilizing the cartridge to execute an application, and applying access permissions to the cartridge according to the determined access contexts and the locked files manifest.

16 Citations

View as Search Results

20 Claims

1. A method, comprising:
- identifying, by a processing device of a multi-tenant Platform-a-a-Service (PaaS) system, an operation requested to be performed by the multi-tenant PaaS system;
  
  determining, by the processing device, access contexts for the operation with respect to a cartridge associated with the identified operation, the access context comprising a user or component that is attempting to access a file of the cartridge for the identified operation;
  
  accessing, by the processing device, a locked files manifest of the cartridge, the locked files manifest identifying at least one of files or directories of the cartridge to which a cartridge author of the cartridge restricts access to application developers utilizing the cartridge to execute an application; and
  
  applying, by the processing device, access permissions to the cartridge according to the determined access contexts and the locked files manifest.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the cartridge provides functionality to execute the application on the multi-tenant PaaS system, the functionality comprising at least one of configuration templates, scripts, dependencies, and one or more features to add to the application.
  - 3. The method of claim 1, wherein the user comprises at least one of the cartridge author or the application developer, and wherein the component comprises a broker component of the multi-tenant PaaS system.
  - 4. The method of claim 3, wherein the applying the access permissions further comprises:
    - allowing the cartridge author access to the files and directories of the cartridge; and
      
      allowing an application developer restricted access to the files and directories identified in the locked files manifest, wherein the application developer utilizes the cartridge to execute the application on the multi-tenant PaaS system.
  - 5. The method of claim 4, wherein the restricted access comprises read-only access to the files identified in the locked files manifest, and a prohibition on adding or deleting files from the directories identified in the locked files manifest.
  - 6. The method of claim 1, wherein the applying the access permissions further comprises, when the operation is at least one of a create gear or a delete gear operation, prohibiting the cartridge author and the application developer from accessing the cartridge.
  - 7. The method of claim 1, wherein the applying the access permissions further comprises, when the operation is at least one of setup cartridge operation or a teardown cartridge operation:
    - granting the cartridge author access to the cartridge; and
      
      prohibiting the application developer from accessing the cartridge.
  - 8. The method of claim 1, wherein the applying the access permissions further comprises, when the operation is at least one of a start cartridge operation, stop cartridge operation, or build application operation:
    - granting the cartridge author access to the cartridge; and
      
      granting the application developer restricted access to the cartridge, the restricted access comprising read-only access to the files identified in the locked files manifest, and a prohibition on adding or deleting files from the directories identified in the locked files manifest.

9. A system, comprising:
- a memory; and
  
  a processing device communicably coupled to the memory; and
  
  a broker executable from the memory by the processing device, the broker to manage a multi-tenant Platform-as-a-Service (PaaS) system and to;
  
  identify an operation requested to be performed by the multi-tenant PaaS system;
  
  determine access contexts for the operation with respect to a cartridge associated with the identified operation, the access context comprising a user or component that is attempting to access a file of the cartridge for the identified operation;
  
  access a locked files manifest of the cartridge, the locked files manifest identifying at least one of files or directories of the cartridge to which a cartridge author of the cartridge restricts access to application developers utilizing the cartridge to execute an application; and
  
  apply access permissions to the cartridge according to the determined access contexts and the locked files manifest.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the cartridge provides functionality to execute the application on the multi-tenant PaaS system, the functionality comprising at least one of configuration templates, scripts, dependencies, and one or more features to add to the application.
  - 11. The system of claim 9, wherein the user comprises at least one of the cartridge author or the application developer, and wherein the component comprises a broker component of the multi-tenant PaaS system.
  - 12. The system of claim 11, wherein the broker to apply the access permissions further comprises the broker to:
    - allow the cartridge author access to the files and directories of the cartridge; and
      
      allow an application developer restricted access to the files and directories identified in the locked files manifest, wherein the application developer utilizes the cartridge to execute the application on the multi-tenant PaaS system;
      
      wherein the restricted access comprises read-only access to the files identified in the locked files manifest, and a prohibition on adding or deleting files from the directories identified in the locked files manifest.
  - 13. The system of claim 9, wherein the broker to apply the access permissions further comprises the broker to, when the operation is at least one of a create gear or a delete gear operation, prohibit the cartridge author and the application developer from accessing the cartridge.
  - 14. The system of claim 9, wherein the broker to apply the access permissions further comprises the broker to, when the operation is at least one of setup cartridge operation or a teardown cartridge operation:
    - grant the cartridge author access to the cartridge; and
      
      prohibit the application developer from accessing the cartridge.
  - 15. The system of claim 9, wherein the broker to apply the access permissions further comprises the broker to, when the operation is at least one of a start cartridge operation, stop cartridge operation, or build application operation:
    - grant the cartridge author access to the cartridge; and
      
      grant the application developer restricted access to the cartridge, the restricted access comprising read-only access to the files identified in the locked files manifest, and a prohibition on adding or deleting files from the directories identified in the locked files manifest.

16. A non-transitory machine-readable storage medium including instructions that, when accessed by a processing device, cause the processing device to perform operations comprising:
- identifying, by the processing device of a multi-tenant Platform-a-a-Service (PaaS) system, an operation requested to be performed by the multi-tenant PaaS system;
  
  determining, by the processing device, access contexts for the identified operation with respect to a cartridge associated with the operation, the access context comprising a user or component that is attempting to access a file of the cartridge for the identified operation;
  
  accessing, by the processing device, a locked files manifest of the cartridge, the locked files manifest identifying at least one of files or directories of the cartridge to which a cartridge author of the cartridge restricts access to application developers utilizing the cartridge to execute an application; and
  
  applying, by the processing device, access permissions to the cartridge according to the determined access contexts and the locked files manifest.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory machine-readable storage medium of claim 16, wherein the cartridge provides functionality to execute the application on the multi-tenant PaaS system, the functionality comprising at least one of configuration templates, scripts, dependencies, and one or more features to add to the application.
  - 18. The non-transitory machine-readable storage medium of claim 16, wherein the applying the access permissions further comprises, when the operation is at least one of a create gear or a delete gear operation, prohibiting the cartridge author and the application developer from accessing the cartridge.
  - 19. The non-transitory machine-readable storage medium of claim 16, wherein the applying the access permissions further comprises, when the operation is at least one of setup cartridge operation or a teardown cartridge operation:
    - granting the cartridge author access to the cartridge; and
      
      prohibiting the application developer from accessing the cartridge.
  - 20. The non-transitory machine-readable storage medium of claim 16, wherein the applying the access permissions further comprises, when the operation is at least one of a start cartridge operation, stop cartridge operation, or build application operation:
    - granting the cartridge author access to the cartridge; and
      
      granting the application developer restricted access to the cartridge, the restricted access comprising read-only access to the files identified in the locked files manifest, and a prohibition on adding or deleting files from the directories identified in the locked files manifest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Honce, Jhon, McGrath, Michael

Granted Patent

US 9,742,838 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/3409   for performance assessment

G06F 16/122   using management policies b...

G06F 16/178   Techniques for file synchro...

G06F 16/182   Distributed file systems

G06F 16/219   Managing data history or ve...

G06F 16/2329   using versioning

G06F 2009/45595   Network integration; Enabli...

G06F 2209/544   Remote

G06F 8/656   while running

G06F 9/45558   Hypervisor-specific managem...

G06F 9/541   via adapters, e.g. between ...

H04L 41/082   the condition being updates...

H04L 63/08   for authentication of entit...

H04L 67/06   specially adapted for file ...

H04L 67/10   in which an application is ...

H04L 67/34   involving the movement of s...

Locked Files for Cartridges in a Multi-Tenant Platform-as-a-Service (PaaS) System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Locked Files for Cartridges in a Multi-Tenant Platform-as-a-Service (PaaS) System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links