You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Rohit Yadav <ro...@shapeblue.com> on 2016/03/23 18:04:49 UTC
[DISCUSS] Request for comments: Dynamic Role Based API
Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
RE: [DISCUSS] Request for comments: Dynamic Role Based
API Access Checker for CloudStack
Posted by Rohit Yadav <ro...@shapeblue.com>.
Thanks Sadhu.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Suresh Sadhu [mailto:suresh.sadhu@accelerite.com]
Sent: Thursday, March 31, 2016 6:01 PM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
HI Rohit,
I have reviewed the FS and it looks good . I have updated my suggestion on createRolePermission API on FS it self .Please check and share your views.
Regards
Sadhu
Suresh.sadhu@accelerite.com
-----Original Message-----
From: Rohit Yadav [mailto:rohit.yadav@shapeblue.com]
Sent: Thursday, March 31, 2016 4:12 PM
To: dev@cloudstack.apache.org
Cc: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Thanks Koushik, I'll add my reply to your comments.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue On Mar 28 2016, at 2:08 pm, Koushik Das <ko...@accelerite.com> wrote:
Thanks Rohit, for the replies. Added some more comments based on the replies.
-Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Friday, March 25, 2016 6:42 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
RE: [DISCUSS] Request for comments: Dynamic Role Based
API Access Checker for CloudStack
Posted by Rohit Yadav <ro...@shapeblue.com>.
Thanks Sadhu.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Suresh Sadhu [mailto:suresh.sadhu@accelerite.com]
Sent: Thursday, March 31, 2016 6:01 PM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
HI Rohit,
I have reviewed the FS and it looks good . I have updated my suggestion on createRolePermission API on FS it self .Please check and share your views.
Regards
Sadhu
Suresh.sadhu@accelerite.com
-----Original Message-----
From: Rohit Yadav [mailto:rohit.yadav@shapeblue.com]
Sent: Thursday, March 31, 2016 4:12 PM
To: dev@cloudstack.apache.org
Cc: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Thanks Koushik, I'll add my reply to your comments.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue On Mar 28 2016, at 2:08 pm, Koushik Das <ko...@accelerite.com> wrote:
Thanks Rohit, for the replies. Added some more comments based on the replies.
-Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Friday, March 25, 2016 6:42 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
RE: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Suresh Sadhu <su...@accelerite.com>.
HI Rohit,
I have reviewed the FS and it looks good . I have updated my suggestion on createRolePermission API on FS it self .Please check and share your views.
Regards
Sadhu
Suresh.sadhu@accelerite.com
-----Original Message-----
From: Rohit Yadav [mailto:rohit.yadav@shapeblue.com]
Sent: Thursday, March 31, 2016 4:12 PM
To: dev@cloudstack.apache.org
Cc: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Thanks Koushik, I'll add my reply to your comments.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue On Mar 28 2016, at 2:08 pm, Koushik Das <ko...@accelerite.com> wrote:
Thanks Rohit, for the replies. Added some more comments based on the replies.
-Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Friday, March 25, 2016 6:42 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
RE: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Suresh Sadhu <su...@accelerite.com>.
HI Rohit,
I have reviewed the FS and it looks good . I have updated my suggestion on createRolePermission API on FS it self .Please check and share your views.
Regards
Sadhu
Suresh.sadhu@accelerite.com
-----Original Message-----
From: Rohit Yadav [mailto:rohit.yadav@shapeblue.com]
Sent: Thursday, March 31, 2016 4:12 PM
To: dev@cloudstack.apache.org
Cc: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Thanks Koushik, I'll add my reply to your comments.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue On Mar 28 2016, at 2:08 pm, Koushik Das <ko...@accelerite.com> wrote:
Thanks Rohit, for the replies. Added some more comments based on the replies.
-Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Friday, March 25, 2016 6:42 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [DISCUSS] Request for comments: Dynamic Role Based
API Access Checker for CloudStack
Posted by Rohit Yadav <ro...@shapeblue.com>.
Thanks Koushik, I'll add my reply to your comments.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
On Mar 28 2016, at 2:08 pm, Koushik Das <ko...@accelerite.com> wrote:
Thanks Rohit, for the replies. Added some more comments based on the replies.
-Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Friday, March 25, 2016 6:42 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [DISCUSS] Request for comments: Dynamic Role Based
API Access Checker for CloudStack
Posted by Rohit Yadav <ro...@shapeblue.com>.
Thanks Koushik, I'll add my reply to your comments.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
On Mar 28 2016, at 2:08 pm, Koushik Das <ko...@accelerite.com> wrote:
Thanks Rohit, for the replies. Added some more comments based on the replies.
-Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Friday, March 25, 2016 6:42 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Koushik Das <ko...@accelerite.com>.
Thanks Rohit, for the replies. Added some more comments based on the replies.
-Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Friday, March 25, 2016 6:42 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Koushik Das <ko...@accelerite.com>.
Thanks Rohit, for the replies. Added some more comments based on the replies.
-Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Friday, March 25, 2016 6:42 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: RE: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
RE: [DISCUSS] Request for comments: Dynamic Role Based
API Access Checker for CloudStack
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
RE: [DISCUSS] Request for comments: Dynamic Role Based
API Access Checker for CloudStack
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Koushik,
Thanks for the comments on the FS, I've replied to all of them and updated the FS (for example, default param in APIs).
Let me know on this ML thread or on the FS if you've further questions/comments. Thanks.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Koushik Das [mailto:koushik.das@accelerite.com]
Sent: Friday, March 25, 2016 1:34 PM
To: dev@cloudstack.apache.org; users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Koushik Das <ko...@accelerite.com>.
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Daan Hoogland <da...@gmail.com>.
you know you are great, right?
On Fri, Mar 25, 2016 at 2:10 PM, Rohit Yadav <ro...@shapeblue.com>
wrote:
> Hi Daan,
>
> Thanks for the comments.
>
> Yes, I looked into it but the IAM-services related work started by some of
> our former colleagues was not in a good shape to be picked up, it also
> introduced resource level fine-grain ACLs that would have required a lot of
> effort to both implement and test thoroughly.
>
> The proposed solution is not the final solution to the rbac problem, but
> aims to solve for role/account management issues for operators while
> ensuring strict backward compatibility, an upgrade path from static based
> system to a db-backed dynamic system and allows scope for future
> improvements.
>
> To share some progress, the feature implementation so far looks promising
> and I'm trying to nail down the edges around upgrade process.
> I'm also investing a lot of time of marvin tests to ensure high quality
> delivery of this feature.
>
> Regards.
>
> Regards,
>
> Rohit Yadav
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
> -----Original Message-----
> From: Daan Hoogland [mailto:daan.hoogland@gmail.com]
> Sent: Friday, March 25, 2016 12:55 PM
> To: dev <de...@cloudstack.apache.org>
> Cc: users@cloudstack.apache.org
> Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
> Checker for CloudStack
>
> Rohit, I had a first glance and it looks promising; +1 You have been
> thourough on the fs. One question that comes to mind is whatever happened
> to the role base access That Min and Pradhi(not sure if I remeber her name
> correctly) where implementing for 4.4. It failed then because the work was
> taking much more effort then estimated but it was pushed to git.wip-us. Did
> you look at thaat work?
>
> On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
> > Hi all,
> >
> > I want to propose a new feature for CloudStack, dynamic role-based API
> > access checker. This feature will allow us to migrate rules define in
> > commands.properties file to database, while role management (such as
> > creating/editing roles, adding/removing rules) won't require
> > restarting management server(s).
> >
> > Please find more details in the FS here:
> >
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Ba
> > sed+API+Access+Checker+for+CloudStack
> >
> > I look forward to your comments, suggestions and questions. Thanks.
> >
> > Regards,
> > Rohit Yadav
> >
> > Regards,
> >
> > Rohit Yadav
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
> >
>
>
>
> --
> Daan
>
--
Daan
Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Daan Hoogland <da...@gmail.com>.
you know you are great, right?
On Fri, Mar 25, 2016 at 2:10 PM, Rohit Yadav <ro...@shapeblue.com>
wrote:
> Hi Daan,
>
> Thanks for the comments.
>
> Yes, I looked into it but the IAM-services related work started by some of
> our former colleagues was not in a good shape to be picked up, it also
> introduced resource level fine-grain ACLs that would have required a lot of
> effort to both implement and test thoroughly.
>
> The proposed solution is not the final solution to the rbac problem, but
> aims to solve for role/account management issues for operators while
> ensuring strict backward compatibility, an upgrade path from static based
> system to a db-backed dynamic system and allows scope for future
> improvements.
>
> To share some progress, the feature implementation so far looks promising
> and I'm trying to nail down the edges around upgrade process.
> I'm also investing a lot of time of marvin tests to ensure high quality
> delivery of this feature.
>
> Regards.
>
> Regards,
>
> Rohit Yadav
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
> -----Original Message-----
> From: Daan Hoogland [mailto:daan.hoogland@gmail.com]
> Sent: Friday, March 25, 2016 12:55 PM
> To: dev <de...@cloudstack.apache.org>
> Cc: users@cloudstack.apache.org
> Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
> Checker for CloudStack
>
> Rohit, I had a first glance and it looks promising; +1 You have been
> thourough on the fs. One question that comes to mind is whatever happened
> to the role base access That Min and Pradhi(not sure if I remeber her name
> correctly) where implementing for 4.4. It failed then because the work was
> taking much more effort then estimated but it was pushed to git.wip-us. Did
> you look at thaat work?
>
> On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <ro...@shapeblue.com>
> wrote:
>
> > Hi all,
> >
> > I want to propose a new feature for CloudStack, dynamic role-based API
> > access checker. This feature will allow us to migrate rules define in
> > commands.properties file to database, while role management (such as
> > creating/editing roles, adding/removing rules) won't require
> > restarting management server(s).
> >
> > Please find more details in the FS here:
> >
> > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Ba
> > sed+API+Access+Checker+for+CloudStack
> >
> > I look forward to your comments, suggestions and questions. Thanks.
> >
> > Regards,
> > Rohit Yadav
> >
> > Regards,
> >
> > Rohit Yadav
> >
> > rohit.yadav@shapeblue.com
> > www.shapeblue.com
> > 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
> >
>
>
>
> --
> Daan
>
--
Daan
RE: [DISCUSS] Request for comments: Dynamic Role Based
API Access Checker for CloudStack
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Daan,
Thanks for the comments.
Yes, I looked into it but the IAM-services related work started by some of our former colleagues was not in a good shape to be picked up, it also introduced resource level fine-grain ACLs that would have required a lot of effort to both implement and test thoroughly.
The proposed solution is not the final solution to the rbac problem, but aims to solve for role/account management issues for operators while ensuring strict backward compatibility, an upgrade path from static based system to a db-backed dynamic system and allows scope for future improvements.
To share some progress, the feature implementation so far looks promising and I'm trying to nail down the edges around upgrade process.
I'm also investing a lot of time of marvin tests to ensure high quality delivery of this feature.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Daan Hoogland [mailto:daan.hoogland@gmail.com]
Sent: Friday, March 25, 2016 12:55 PM
To: dev <de...@cloudstack.apache.org>
Cc: users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Rohit, I had a first glance and it looks promising; +1 You have been thourough on the fs. One question that comes to mind is whatever happened to the role base access That Min and Pradhi(not sure if I remeber her name
correctly) where implementing for 4.4. It failed then because the work was taking much more effort then estimated but it was pushed to git.wip-us. Did you look at thaat work?
On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <ro...@shapeblue.com>
wrote:
> Hi all,
>
> I want to propose a new feature for CloudStack, dynamic role-based API
> access checker. This feature will allow us to migrate rules define in
> commands.properties file to database, while role management (such as
> creating/editing roles, adding/removing rules) won't require
> restarting management server(s).
>
> Please find more details in the FS here:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Ba
> sed+API+Access+Checker+for+CloudStack
>
> I look forward to your comments, suggestions and questions. Thanks.
>
> Regards,
> Rohit Yadav
>
> Regards,
>
> Rohit Yadav
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
>
--
Daan
RE: [DISCUSS] Request for comments: Dynamic Role Based
API Access Checker for CloudStack
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Daan,
Thanks for the comments.
Yes, I looked into it but the IAM-services related work started by some of our former colleagues was not in a good shape to be picked up, it also introduced resource level fine-grain ACLs that would have required a lot of effort to both implement and test thoroughly.
The proposed solution is not the final solution to the rbac problem, but aims to solve for role/account management issues for operators while ensuring strict backward compatibility, an upgrade path from static based system to a db-backed dynamic system and allows scope for future improvements.
To share some progress, the feature implementation so far looks promising and I'm trying to nail down the edges around upgrade process.
I'm also investing a lot of time of marvin tests to ensure high quality delivery of this feature.
Regards.
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
-----Original Message-----
From: Daan Hoogland [mailto:daan.hoogland@gmail.com]
Sent: Friday, March 25, 2016 12:55 PM
To: dev <de...@cloudstack.apache.org>
Cc: users@cloudstack.apache.org
Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Rohit, I had a first glance and it looks promising; +1 You have been thourough on the fs. One question that comes to mind is whatever happened to the role base access That Min and Pradhi(not sure if I remeber her name
correctly) where implementing for 4.4. It failed then because the work was taking much more effort then estimated but it was pushed to git.wip-us. Did you look at thaat work?
On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <ro...@shapeblue.com>
wrote:
> Hi all,
>
> I want to propose a new feature for CloudStack, dynamic role-based API
> access checker. This feature will allow us to migrate rules define in
> commands.properties file to database, while role management (such as
> creating/editing roles, adding/removing rules) won't require
> restarting management server(s).
>
> Please find more details in the FS here:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Ba
> sed+API+Access+Checker+for+CloudStack
>
> I look forward to your comments, suggestions and questions. Thanks.
>
> Regards,
> Rohit Yadav
>
> Regards,
>
> Rohit Yadav
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue
>
--
Daan
Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Daan Hoogland <da...@gmail.com>.
Rohit, I had a first glance and it looks promising; +1 You have been
thourough on the fs. One question that comes to mind is whatever happened
to the role base access That Min and Pradhi(not sure if I remeber her name
correctly) where implementing for 4.4. It failed then because the work was
taking much more effort then estimated but it was pushed to git.wip-us. Did
you look at thaat work?
On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <ro...@shapeblue.com>
wrote:
> Hi all,
>
> I want to propose a new feature for CloudStack, dynamic role-based API
> access checker. This feature will allow us to migrate rules define in
> commands.properties file to database, while role management (such as
> creating/editing roles, adding/removing rules) won't require restarting
> management server(s).
>
> Please find more details in the FS here:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
>
> I look forward to your comments, suggestions and questions. Thanks.
>
> Regards,
> Rohit Yadav
>
> Regards,
>
> Rohit Yadav
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
--
Daan
Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Koushik Das <ko...@accelerite.com>.
The idea looks good. I have provided some questions/comments on the FS itself.
Thanks,
Koushik
________________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Wednesday, March 23, 2016 10:34 PM
To: dev@cloudstack.apache.org
Cc: users@cloudstack.apache.org
Subject: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack
Hi all,
I want to propose a new feature for CloudStack, dynamic role-based API access checker. This feature will allow us to migrate rules define in commands.properties file to database, while role management (such as creating/editing roles, adding/removing rules) won't require restarting management server(s).
Please find more details in the FS here:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
I look forward to your comments, suggestions and questions. Thanks.
Regards,
Rohit Yadav
Regards,
Rohit Yadav
rohit.yadav@shapeblue.com
www.shapeblue.com
53 Chandos Place, Covent Garden, London WC2N 4HSUK
@shapeblue
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Accelerite, a Persistent Systems business. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Accelerite, a Persistent Systems business does not accept any liability for virus infected mails.
Re: [DISCUSS] Request for comments: Dynamic Role Based API Access
Checker for CloudStack
Posted by Daan Hoogland <da...@gmail.com>.
Rohit, I had a first glance and it looks promising; +1 You have been
thourough on the fs. One question that comes to mind is whatever happened
to the role base access That Min and Pradhi(not sure if I remeber her name
correctly) where implementing for 4.4. It failed then because the work was
taking much more effort then estimated but it was pushed to git.wip-us. Did
you look at thaat work?
On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <ro...@shapeblue.com>
wrote:
> Hi all,
>
> I want to propose a new feature for CloudStack, dynamic role-based API
> access checker. This feature will allow us to migrate rules define in
> commands.properties file to database, while role management (such as
> creating/editing roles, adding/removing rules) won't require restarting
> management server(s).
>
> Please find more details in the FS here:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
>
> I look forward to your comments, suggestions and questions. Thanks.
>
> Regards,
> Rohit Yadav
>
> Regards,
>
> Rohit Yadav
>
> rohit.yadav@shapeblue.com
> www.shapeblue.com
> 53 Chandos Place, Covent Garden, London WC2N 4HSUK
> @shapeblue
>
--
Daan