you know you are great, right? On Fri, Mar 25, 2016 at 2:10 PM, Rohit Yadav <rohit.ya...@shapeblue.com> wrote:
> Hi Daan, > > Thanks for the comments. > > Yes, I looked into it but the IAM-services related work started by some of > our former colleagues was not in a good shape to be picked up, it also > introduced resource level fine-grain ACLs that would have required a lot of > effort to both implement and test thoroughly. > > The proposed solution is not the final solution to the rbac problem, but > aims to solve for role/account management issues for operators while > ensuring strict backward compatibility, an upgrade path from static based > system to a db-backed dynamic system and allows scope for future > improvements. > > To share some progress, the feature implementation so far looks promising > and I'm trying to nail down the edges around upgrade process. > I'm also investing a lot of time of marvin tests to ensure high quality > delivery of this feature. > > Regards. > > Regards, > > Rohit Yadav > > rohit.ya...@shapeblue.com > www.shapeblue.com > 53 Chandos Place, Covent Garden, London WC2N 4HSUK > @shapeblue > > -----Original Message----- > From: Daan Hoogland [mailto:daan.hoogl...@gmail.com] > Sent: Friday, March 25, 2016 12:55 PM > To: dev <dev@cloudstack.apache.org> > Cc: us...@cloudstack.apache.org > Subject: Re: [DISCUSS] Request for comments: Dynamic Role Based API Access > Checker for CloudStack > > Rohit, I had a first glance and it looks promising; +1 You have been > thourough on the fs. One question that comes to mind is whatever happened > to the role base access That Min and Pradhi(not sure if I remeber her name > correctly) where implementing for 4.4. It failed then because the work was > taking much more effort then estimated but it was pushed to git.wip-us. Did > you look at thaat work? > > On Wed, Mar 23, 2016 at 6:04 PM, Rohit Yadav <rohit.ya...@shapeblue.com> > wrote: > > > Hi all, > > > > I want to propose a new feature for CloudStack, dynamic role-based API > > access checker. This feature will allow us to migrate rules define in > > commands.properties file to database, while role management (such as > > creating/editing roles, adding/removing rules) won't require > > restarting management server(s). > > > > Please find more details in the FS here: > > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Ba > > sed+API+Access+Checker+for+CloudStack > > > > I look forward to your comments, suggestions and questions. Thanks. > > > > Regards, > > Rohit Yadav > > > > Regards, > > > > Rohit Yadav > > > > rohit.ya...@shapeblue.com > > www.shapeblue.com > > 53 Chandos Place, Covent Garden, London WC2N 4HSUK @shapeblue > > > > > > -- > Daan > -- Daan
