Github user koushik-das commented on the pull request:
https://github.com/apache/cloudstack/pull/1489#issuecomment-215008749
>>That is to say that the API permissions on a fresh install before and
after this is merged should behave the same out of the box. If that's the case
then I don't think users will feel forced into anything or even notice that
something was changed, and if someone really does care, it sounds simple enough
to enable commands.properties.
@mlsorensen @jburwell Unless users try it out how will they verify that the
behaviour is same out of box before and after. I know testing have been done
but is it good enough to say that things are consistent before and after. Note
that there is data migration happening from commands.properties to DB. I know
that commands.properties has it limitations but that doesn't mean it needs to
be removed immediately. Let the new feature be there for atleast a couple of
releases so that it can be tried out and stabilized before deprecating the
old one. If the concern is about the file getting changed then that can be
easily prevented (same is done for the old db schema files as well). All I am
saying is if the file needs to be removed do it after a few releases by
following the proper deprecation process.
>>Second, command.properties does not permit the definition of new roles.
Limiting users to 4 roles in a modern cloud environment is a barrier to
CloudStack adoption.
@jburwell Correct me if I am wrong but based on what I have seen in the
code even after this feature there will still be 4 roles. I think what this
feature allows is creating some grouping of permissions and assigning them a
name. I can create a role with name "Operator" having say API1 and API2,
someone else can create a role with same name but with API3 and API4. The same
can be implemented as an independent plugin outside of cloudstack as well.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
