Hi Daan, Thanks for the comments.
Yes, I looked into it but the IAM-services related work started by some of our former colleagues was not in a good shape to be picked up, it also introduced resource level fine-grain ACLs that would have required a lot of effort to both implement and test thoroughly. The proposed solution is not the final solution to the rbac problem, but aims to solve for role/account management issues for operators while ensuring strict backward compatibility, an upgrade path from static based system to a db-backed dynamic system and allows scope for future improvements. To share some progress, the feature implementation so far looks promising and I'm trying to nail down the edges around upgrade process. I'm also investing a lot of time of marvin tests to ensure high quality delivery of this feature. Regards. Regards, Rohit Yadav rohit.ya...@shapeblue.com www.shapeblue.com 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue -----Original Message----- From: Daan Hoogland [mailto:daan.hoogl...@gmail.com] Sent: Friday, March 25, 2016 12:55 PM To: dev <dev@cloudstack.apache.org> Cc: us...@cloudstack.apache.org Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access Checker for CloudStack Rohit, I had a first glance and it looks promising; +1 You have been thourough on the fs. One question that comes to mind is whatever happened to the role base access That Min and Pradhi(not sure if I remeber her name correctly) where implementing for 4.4. It failed then because the work was taking much more effort then estimated but it was pushed to git.wip-us. Did you look at thaat work? On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote: > Hi all, > > I want to propose a new feature for CloudStack, dynamic role-based API > access checker. This feature will allow us to migrate rules define in > commands.properties file to database, while role management (such as > creating/editing roles, adding/removing rules) won't require > restarting management server(s). > > Please find more details in the FS here: > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Ba > sed+API+Access+Checker+for+CloudStack > > I look forward to your comments, suggestions and questions. Thanks. > > Regards, > Rohit Yadav > > Regards, > > Rohit Yadav > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > -- Daan
