This feature allows root administrators to define new roles and associate API
permissions to them.
A limited form of role-based access control for the CloudStack management server
API is provided through a properties file, commands.properties, embedded in the
WAR distribution. Therefore, customizing API permissions requires unpacking the
distribution and modifying this file consistently on all servers. The old system
also does not permit the specification of additional roles.
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
DB-Backed Dynamic Role Based API Access Checker for CloudStack brings following
changes, features and use-cases:
- Moves the API access definitions from commands.properties to the mgmt server DB
- Allows defining custom roles (such as a read-only ROOT admin) beyond the
current set of four (4) roles
- All roles will resolve to one of the four known roles types (Admin, Resource
Admin, Domain Admin and User) which maintains this association by requiring
all new defined roles to specify a role type.
- Allows changes to roles and API permissions per role at runtime including additions or
removal of roles and/or modifications of permissions, without the need
of restarting management server(s)
Upgrade/installation notes:
- The feature will be enabled by default for new installations, existing
deployments will continue to use the older static role based api access checker
with an option to enable this feature
- During fresh installation or upgrade, the upgrade paths will add four default
roles based on the four default role types
- For ease of migration, at the time of upgrade commands.properties will be used
to add existing set of permissions to the default roles. cloud.account
will have a new role_id column which will be populated based on default roles
as well
Dynamic-roles migration tool: scripts/util/migrate-dynamicroles.py
- Allows admins to migrate to the dynamic role based checker at a future date
- Performs a harder one-way migrate and update
- Migrates rules from existing commands.properties file into db and deprecates it
- Enables an internal hidden switch to enable dynamic role based checker feature
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Based on suggestion from Lucian (Nux), this patch increases the UI's container
width by 200px as most modern resolutions on desktop/laptops/workstations are
at least 1400px wide. By increasing the width and adjusting css properties
throughout the UI, we get more space to show information. This also gets
rid of horizontal scrollbar in case of metrics views. This also, fixes the UI
logos to include our mascot 'cloudmonkey'.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
DetailView widget now supports bool isCopyPaste property that can be set
for fields. If this is set to true, the text of this field is displayed
using ellipsis formatting* and a copy-paste icon is available right next
to it. On clicking this icon, the full text is displayed
*: tooltip is also enabled showing the original non-ellipsed value
-Label recoverVirtualMachine as 'Recover VM'
-Label restoreVirtualMachine as 'Reinstall VM'
-Change confirmation text for restoreVirtualMachine to be more explicit
-Change restoreVirtualMachine icon to 'recycle' symbol, to avoid
confusion with the reboot VM icon
-Fix missing icons on some dialog headers
-multiEdit: Fix overflow for long text strings
-Projects UI: Fix project selector margins, overflow on 'Events' box
on project dashboard
This change includes the new dialog box for the CloudStack Autoscaler
implementation. It is accessible by a button ('Autoscaler') that
appears under each LB rule.
This also contains changes to the multiEdit widget to support features
required for Autoscaler:
-Fixes context/data passing to custom button widgets
-Fixes data retrieval for select fields
On hover of a breadcrumb, show an overlay effect which focuses on that
particular panel, hiding all panels after it.
This allows a user to see the content of previous breadcrumbs that the
user loaded.
Place tagging widget in a separate action and dialog class; it is
indicated by a 'tag' icon for better clarity.
-- This removes the requirement to specify a dummy 'edit' action on
multi-rules; instead, the separate tag action will appear automatically
as long as 'tags' is specified under the multiEdit's properties.
Conflicts:
client/WEB-INF/classes/resources/messages.properties
ui/css/cloudstack3.css
ui/index.jsp
** Note: this is a work-in-progress, and only contains dummy content
Implement UI for managing VPC tiers, via a custom chart-like UI list
tiers and allowing the management of VMs associated with the VPCs.
Adds new action, upload volume, to the storage->volumes list view
header. This will present a dialog to specify URL & name of volume,
and select a VM to attach the volume to.
Server API calls are still incomplete and rely on hardcoded values.
-Add additional shortcuts for:
-Primary storage
-Secondary storgage
-Virtual routers
-System VMs
-Replace host stats with the new shortcuts
-Add 'zone' dropdown to create form for the newly added-shortcuts'
sections, to support creating these items without a zone context
