Posted to dev@cloudstack.apache.org by Kishan Kavala <Ki...@citrix.com> on 2013/03/21 10:29:43 UTC

[Discuss] ACL deny rules

I would like to add support for ACL deny rules in VPC.  Functional spec is available at [1] and jira ticket is [2].
As part of this feature, NetworkACLContainer will also be introduced to manage network ACLs.

This feature is item 2.16 in nTier Apps 2.0 requirements [3].

[1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+ACL+deny+rules
[2] https://issues.apache.org/jira/browse/CLOUDSTACK-763
[3] https://cwiki.apache.org/confluence/display/CLOUDSTACK/nTier+Apps+2.0+Requirements

Re: [Discuss] ACL deny rules

Posted by Manan Shah <ma...@citrix.com>.
Thanks Kishan for your response. I would think the default should be deny
all. But if the users want to change the rules to make it permit-all with
a few deny rules before that, we should allow them to change that.

Regards,
Manan Shah




On 3/21/13 10:24 PM, "Kishan Kavala" <Ki...@citrix.com> wrote:

>Please find my response inline:
>
>> -----Original Message-----
>> From: Manan Shah [mailto:manan.shah@citrix.com]
>> Sent: Thursday, 21 March 2013 11:05 PM
>> To: dev@cloudstack.apache.org
>> Cc: Manan Shah
>> Subject: Re: [Discuss] ACL deny rules
>> 
>> Thanks Kishan for sharing the FS. Below are some of my questions.
>> 
>> 1. What is the default for an empty container? Is it allow all or deny all?
>
>[KK]  Default is deny all. Same as before.  Should it be editable or just read-only?
>
>> 2. Can you describe the behaviour for upgrades?
>[KK] Upgrade behaviour is already mentioned in the spec.
>
>> 3. Can you also make sure that deletion of Containers will be blocked when
>> containers are attached to Tiers?
>[KK]  Added this to the spec.
>
>> 
>> Regards,
>> Manan Shah
>> 
>> 
>> 
>> 
>> On 3/21/13 2:29 AM, "Kishan Kavala" <Ki...@citrix.com> wrote:
>> 
>> >I would like to add support for ACL deny rules in VPC.  Functional spec is
>> >available at [1] and jira ticket is [2].
>> >As part of this feature, NetworkACLContainer will also be introduced to
>> >manage network ACLs.
>> >
>> >This feature is item 2.16 in nTier Apps 2.0 requirements [3].
>> >
>> >[1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+ACL+deny+rules
>> >[2] https://issues.apache.org/jira/browse/CLOUDSTACK-763
>> >[3] https://cwiki.apache.org/confluence/display/CLOUDSTACK/nTier+Apps+2.0+Requirements
>


RE: [Discuss] ACL deny rules

Posted by Kishan Kavala <Ki...@citrix.com>.
Please find my response inline:

> -----Original Message-----
> From: Manan Shah [mailto:manan.shah@citrix.com]
> Sent: Thursday, 21 March 2013 11:05 PM
> To: dev@cloudstack.apache.org
> Cc: Manan Shah
> Subject: Re: [Discuss] ACL deny rules
> 
> Thanks Kishan for sharing the FS. Below are some of my questions.
> 
> 1. What is the default for an empty container? Is it allow all or deny all?

[KK]  Default is deny all. Same as before.  Should it be editable  or just read-only?

> 2. Can you describe the behaviour for upgrades?
[KK] Upgrade behaviour is already mentioned in the spec. 

> 3. Can you also make sure that deletion of Containers will be blocked when
> containers are attached to Tiers?
[KK]  Added this to the spec.

> 
> Regards,
> Manan Shah
> 
> 
> 
> 
> On 3/21/13 2:29 AM, "Kishan Kavala" <Ki...@citrix.com> wrote:
> 
> >I would like to add support for ACL deny rules in VPC.  Functional spec is
> >available at [1] and jira ticket is [2].
> >As part of this feature, NetworkACLContainer will also be introduced to
> >manage network ACLs.
> >
> >This feature is item 2.16 in nTier Apps 2.0 requirements [3].
> >
> >[1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+ACL+deny+rules
> >[2] https://issues.apache.org/jira/browse/CLOUDSTACK-763
> >[3] https://cwiki.apache.org/confluence/display/CLOUDSTACK/nTier+Apps+2.0+Requirements


Re: [Discuss] ACL deny rules

Posted by Manan Shah <ma...@citrix.com>.
Thanks Kishan for sharing the FS. Below are some of my questions.

1. What is the default for an empty container? Is it allow all or deny all?
2. Can you describe the behavior for upgrades?
3. Can you also make sure that deletion of Containers will be blocked when
containers are attached to Tiers?

Regards,
Manan Shah




On 3/21/13 2:29 AM, "Kishan Kavala" <Ki...@citrix.com> wrote:

>I would like to add support for ACL deny rules in VPC.  Functional spec is
>available at [1] and jira ticket is [2].
>As part of this feature, NetworkACLContainer will also be introduced to
>manage network ACLs.
>
>This feature is item 2.16 in nTier Apps 2.0 requirements [3].
>
>[1] https://cwiki.apache.org/confluence/display/CLOUDSTACK/Support+ACL+deny+rules
>[2] https://issues.apache.org/jira/browse/CLOUDSTACK-763
>[3] https://cwiki.apache.org/confluence/display/CLOUDSTACK/nTier+Apps+2.0+Requirements
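
Added example, not part of the thread and not CloudStack code: a small model of the behaviour discussed above (an empty container denies all, a permit-all rule can sit behind a few deny rules, and a container attached to a tier cannot be deleted). The class names, rule numbering, first-match evaluation order and sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int                  # assumption: lower number is evaluated first
    action: str                  # "allow" or "deny"
    cidr: str                    # source CIDR the rule applies to
    port: Optional[int] = None   # None matches any port

    def matches(self, src: str, port: int) -> bool:
        return ip_address(src) in ip_network(self.cidr) and self.port in (None, port)

@dataclass
class AclContainer:              # hypothetical model, not CloudStack's class
    name: str
    rules: list = field(default_factory=list)
    tiers: set = field(default_factory=set)   # tiers this container is attached to

    def evaluate(self, src: str, port: int) -> str:
        for rule in sorted(self.rules, key=lambda r: r.number):
            if rule.matches(src, port):
                return rule.action           # first matching rule decides
        return "deny"                        # empty container or no match: deny all

class AclStore:
    def __init__(self):
        self.containers = {}

    def create(self, name: str) -> AclContainer:
        self.containers[name] = AclContainer(name)
        return self.containers[name]

    def delete(self, name: str) -> None:
        attached = self.containers[name].tiers
        if attached:                         # block deletion while in use
            raise ValueError(f"{name} is attached to tiers: {sorted(attached)}")
        del self.containers[name]

def demo():
    store = AclStore()
    acl = store.create("web-acl")            # constructed sample data
    empty = acl.evaluate("10.1.1.5", 22)     # no rules yet
    acl.rules += [Rule(100, "allow", "0.0.0.0/0"), Rule(10, "deny", "10.1.1.0/24", 22)]
    acl.tiers.add("web-tier")
    return empty, acl.evaluate("10.1.1.5", 22), acl.evaluate("10.1.1.5", 80), store

if __name__ == "__main__":
    print(demo()[:3])
```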