Return-Path: X-Original-To: apmail-cloudstack-dev-archive@www.apache.org Delivered-To: apmail-cloudstack-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id BF23018423 for ; Fri, 25 Mar 2016 12:34:58 +0000 (UTC) Received: (qmail 26353 invoked by uid 500); 25 Mar 2016 12:34:55 -0000 Delivered-To: apmail-cloudstack-dev-archive@cloudstack.apache.org Received: (qmail 26296 invoked by uid 500); 25 Mar 2016 12:34:55 -0000 Mailing-List: contact dev-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cloudstack.apache.org Delivered-To: mailing list dev@cloudstack.apache.org Received: (qmail 26273 invoked by uid 99); 25 Mar 2016 12:34:54 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Mar 2016 12:34:54 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 564FD18054D; Fri, 25 Mar 2016 12:34:54 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.109 X-Spam-Level: X-Spam-Status: No, score=0.109 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=persistentsystems.onmicrosoft.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id o-WwtPVLsqJ9; Fri, 25 Mar 2016 12:34:52 +0000 (UTC) Received: from HJ-SMTP-OUT.persistent.co.in (hjoutgoing.persistent.co.in [103.6.33.101]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 534F65F247; Fri, 25 Mar 2016 12:34:51 +0000 (UTC) X-AuditID: 0a2d0811-f79456d000000ebb-42-56f530612f87 Received: from mail.persistent.co.in (Unknown_Domain [10.44.252.65]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by HJ-SMTP-OUT.persistent.co.in (HJ-SMTP-OUT @ Persistent Systems Ltd.) with SMTP id 7D.F5.03771.16035F65; Fri, 25 Mar 2016 18:04:42 +0530 (IST) Received: from IND01-BO1-obe.outbound.protection.outlook.com (10.45.0.29) by ht.persistent.co.in (10.44.252.65) with Microsoft SMTP Server (TLS) id 14.3.123.3; Fri, 25 Mar 2016 18:04:38 +0530 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=persistentsystems.onmicrosoft.com; s=selector1-accelerite-com; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=QE+hUGzW7hRaBqyZxMxyuApwfdn8p+naFr7DOK5225o=; b=FR+M2oTnyhQ3ZXeYJcpV6OpigNCrTjGjx2bTi5JjkvWe2HF5nF3UQH2AZMZDgbNQuVsol806H70pgN9BoiLQ6xpnwmSkRjeNfo+CdjEJPxliaT0HqTNKjKbZxfpe/4sMgxmY3sOJQ3MZ9uMV4QhlMr9fTLTT4S/oCvKwq2BxP4U= Received: from MAXPR01MB0186.INDPRD01.PROD.OUTLOOK.COM (10.164.149.140) by MAXPR01MB0188.INDPRD01.PROD.OUTLOOK.COM (10.164.149.142) with Microsoft SMTP Server (TLS) id 15.1.443.12; Fri, 25 Mar 2016 12:33:34 +0000 Received: from MAXPR01MB0186.INDPRD01.PROD.OUTLOOK.COM ([10.164.149.140]) by MAXPR01MB0186.INDPRD01.PROD.OUTLOOK.COM ([10.164.149.140]) with mapi id 15.01.0443.015; Fri, 25 Mar 2016 12:33:34 +0000 From: Koushik Das To: "dev@cloudstack.apache.org" , "users@cloudstack.apache.org" Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack Thread-Topic: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack Thread-Index: AQHRhSYcmO9GQoEIvE2iIrfiHSneM59qGist Date: Fri, 25 Mar 2016 12:33:33 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: cloudstack.apache.org; dkim=none (message not signed) header.d=none;cloudstack.apache.org; dmarc=none action=none header.from=accelerite.com; x-originating-ip: [25.164.147.4] x-ms-office365-filtering-correlation-id: e156ea55-32ed-46bd-a45b-08d354a9aec9 x-microsoft-exchange-diagnostics: 1;MAXPR01MB0188;5:oTCdQUiPBcKf7lYJt/qlDkOYyjK7929VY233i910OtowakDgTCwy8Rga+ZMNLziB+2ewx3SNaCBEmCSVn84mfaGZX0WZudsRLNT2ZbizdEo7jzb+YLQqmXUPRSPo1b5semMO9DoJ0qx9RujEUOKCUA==;24:PpSvcetb6WvY4zf7IoyMtxHvjhWuBxPgN+FBWNH+GVye2hjaNtaw2uN86qh+2OecFZM7aPXNysSyTAYn/4tT1psR8y+O37SYEzxrHkWAx0c= x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:MAXPR01MB0188; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(2401047)(5005006)(8121501046)(10201501046)(3002001);SRVR:MAXPR01MB0188;BCL:0;PCL:0;RULEID:;SRVR:MAXPR01MB0188; x-forefront-prvs: 0892FA9A88 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(6009001)(53754006)(51414003)(377454003)(5002640100001)(2900100001)(3900700001)(2950100001)(33656002)(5008740100001)(77096005)(10400500002)(450100001)(54356999)(2501003)(76176999)(15975445007)(50986999)(102836003)(6116002)(3660700001)(3846002)(5001770100001)(107886002)(3280700002)(11100500001)(1220700001)(586003)(1096002)(189998001)(2906002)(5004730100002)(92566002)(19580405001)(66066001)(106116001)(122556002)(86362001)(87936001)(15974865002)(19580395003)(81166005)(5003600100002);DIR:OUT;SFP:1101;SCL:1;SRVR:MAXPR01MB0188;H:MAXPR01MB0186.INDPRD01.PROD.OUTLOOK.COM;FPR:;SPF:None;MLV:sfv;LANG:en; spamdiagnosticoutput: 1:23 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" content-transfer-encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Mar 2016 12:33:33.9434 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 1f4beacd-b7aa-49b2-aaa1-b8525cb257e0 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MAXPR01MB0188 X-OriginatorOrg: accelerite.com X-Brightmail-Tracker: H4sIAAAAAAAAA3WSbUhTURjHObt387pana2sh2GwblRobbks28yJUkgvioYlUYHd7m56cd6t bWVJ4aKkd1KwQi1MCE2NhBy9muIqLYuSvmSjtNRC60OskkGldK93QRCdD4ff+Z/n+fM85zwU oWtV6Sle8HJugXHQKjWpXvor3bgrYTwvYbiKtASHVZbRynFVmmJdx5ETihy0zYdSGEFwehkv Z7BzHtZGp7Ms5+DcvChkcgWMw7CW97AOhi/m3LSBt9voFbTB5WBYrpgTvDaacbk4wU6nqg3/ rBQxjBcMnMA67bxQYKPX52YbLZaVVqOZTl20wJy4Wi3uO78oC4eO3VW63lH7Hz0/5EMtUSdR NAV4BZzpGFLKPAf6BlpVJ5Ga0mG/AsK1H5Ty4QGCtw0vo6QDiWsJ+NHTR8g3/QiuVExEch4j +Hn0HiGZqbAJqsoHVRLPxqXQ//48KfEszEJ301NC1u3guzqslHk5HA71KiQm8UJo7vwkxlCU Bu+AoN8qyTqcDKOfKqZSo/FqqH16Z8oSiXWHe69NpRJ4LgRH6hRyPxiutL8gZI6BseHJqXYQ bkLwpH48EmQAf/1NJHMW9D+uI6UgwO0K8AdPRV4mA+74uyNORRA62hrheDj+sEYhJzQi8Fc+ iJKqBhwLl14nyfopJYSPDxJy93o43N4UeYlYGH1zX1mB4mr+qlxmE/Sfq1LJvAQa6j8TEmuw Fp5Uj5CXEdmMYtdtMOZmbc4xZm/ZbHJxbg/v8YqzYmKdJl64gaSpNFLa2+h057IAwhSip2v2 h77n6ZTMPs+B4gACiqBna2YuG8/TaezMgVLO7cx373VwngDKFL+gktDHsE5Bssw3J1qt1oRV SYmJSWbzf2R6riakD+XpcIE45EUcJ1b0x05BRet9KGNorKlna3Lw55olaV8DWeF56YPf9Qs1 /uSz+efKbWnbmZiuAW34hHXxs7I+vi1kCc8pupD0bc8rv60mbYbvYX6LNmPyUmHKhP5Wbold yPxYdvFFpxC47Dg/VrmmbVNvXFeuZcFQiXbget229699x3ZvrB7J0kz7kX27cf7nSergNZr0 FDLmeMLtYX4D5TiqMcIDAAA= The idea looks good. I have provided some questions/comments on the FS itsel= f. Thanks, Koushik ________________________________________ From: Rohit Yadav Sent: Wednesday, March 23, 2016 10:34 PM To: dev@cloudstack.apache.org Cc: users@cloudstack.apache.org Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Check= er for CloudStack Hi all, I want to propose a new feature for CloudStack, dynamic role-based API acces= s checker. This feature will allow us to migrate rules define in commands.pr= operties file to database, while role management (such as creating/editing r= oles, adding/removing rules) won't require restarting management server(s). Please find more details in the FS here: https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+AP= I+Access+Checker+for+CloudStack I look forward to your comments, suggestions and questions. Thanks. Regards, Rohit Yadav Regards, Rohit Yadav rohit.yadav@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue DISCLAIMER =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D This e-mail may contain privileged and confidential information which is the= property of Accelerite, a Persistent Systems business. It is intended only= for the use of the individual or entity to which it is addressed. If you ar= e not the intended recipient, you are not authorized to read, retain, copy,= print, distribute or use this message. If you have received this communicat= ion in error, please notify the sender and delete all copies of this message= . Accelerite, a Persistent Systems business does not accept any liability fo= r virus infected mails.