cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <daan.hoogl...@gmail.com>
Subject Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Date Fri, 25 Mar 2016 15:47:33 GMT
you know you are great, right?

On Fri, Mar 25, 2016 at 2:10 PM, Rohit Yadav <rohit.yadav@shapeblue.com>
wrote:

> Hi Daan,
>
> Thanks for the comments.
>
> Yes, I looked into it but the IAM-services related work started by some of
> our former colleagues was not in a good shape to be picked up, it also
> introduced resource level fine-grain ACLs that would have required a lot of
> effort to both implement and test thoroughly.
>
> The proposed solution is not the final solution to the rbac problem, but
> aims to solve for role/account management issues for operators while
> ensuring strict backward compatibility, an upgrade path from static based
> system to a db-backed dynamic system and allows scope for future
> improvements.
>
> To share some progress, the feature implementation so far looks promising
> and I'm trying to nail down the edges around upgrade process.
> I'm also investing a lot of time of marvin tests to ensure high quality
> delivery of this feature.
>
> Regards.
>
> Regards,
>
> Rohit Yadav
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London  WC2N 4HSUK
> @shapeblue
>
> -----Original Message-----
> From: Daan Hoogland [mailto:daan.hoogland@gmail.com]
> Sent: Friday, March 25, 2016 12:55 PM
> To: dev <dev@cloudstack.apache.org>
> Cc: users@cloudstack.apache.org
> Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
> Checker for CloudStack
>
> Rohit, I had a first glance and it looks promising; +1 You have been
> thourough on the fs. One question that comes to mind is whatever happened
> to the role base access That Min and Pradhi(not sure if I remeber her name
> correctly) where implementing for 4.4. It failed then because the work was
> taking much more effort then estimated but it was pushed to git.wip-us. Did
> you look at thaat work?
>
> On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <rohit.yadav@shapeblue.com>
> wrote:
>
> > Hi all,
> >
> > I want to propose a new feature for CloudStack, dynamic role-based API
> > access checker. This feature will allow us to migrate rules define in
> > commands.properties file to database, while role management (such as
> > creating/editing roles, adding/removing rules) won't require
> > restarting management server(s).
> >
> > Please find more details in the FS here:
> >
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Ba
> > sed+API+Access+Checker+for+CloudStack
> >
> > I look forward to your comments, suggestions and questions. Thanks.
> >
> > Regards,
> > Rohit Yadav
> >
> > Regards,
> >
> > Rohit Yadav
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London  WC2N 4HSUK @shapeblue
> >
>
>
>
> --
> Daan
>



-- 
Daan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message