This feature allows root administrators to define new roles and associate API
permissions to them.
A limited form of role-based access control for the CloudStack management server
API is provided through a properties file, commands.properties, embedded in the
WAR distribution. Therefore, customizing API permissions requires unpacking the
distribution and modifying this file consistently on all servers. The old system
also does not permit the specification of additional roles.
FS:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Dynamic+Role+Based+API+Access+Checker+for+CloudStack
DB-Backed Dynamic Role Based API Access Checker for CloudStack brings the following
changes, features and use-cases:
- Moves the API access definitions from commands.properties to the mgmt server DB
- Allows defining custom roles (such as a read-only ROOT admin) beyond the
  current set of four (4) roles
- All roles will resolve to one of the four known role types (Admin, Resource
  Admin, Domain Admin and User) which maintains this association by requiring
  all new defined roles to specify a role type.
- Allows changes to roles and API permissions per role at runtime including additions or
  removal of roles and/or modifications of permissions, without the need
  of restarting management server(s)
Upgrade/installation notes:
- The feature will be enabled by default for new installations, existing
  deployments will continue to use the older static role based api access checker
  with an option to enable this feature
- During fresh installation or upgrade, the upgrade paths will add four default
  roles based on the four default role types
- For ease of migration, at the time of upgrade commands.properties will be used
  to add existing set of permissions to the default roles. cloud.account
  will have a new role_id column which will be populated based on default roles
  as well
Dynamic-roles migration tool: scripts/util/migrate-dynamicroles.py
- Allows admins to migrate to the dynamic role based checker at a future date
- Performs a harder one-way migrate and update
- Migrates rules from existing commands.properties file into db and deprecates it
- Enables an internal hidden switch to enable dynamic role based checker feature
Deprecate commands.properties
- Fixes apidocs and marvin to be independent of commands.properties usage
- Removes bundling of commands.properties in deb/rpm packaging
- Removes file references across codebase
Reviewed-by: John Burwell <john.burwell@shapeblue.com>
QA-by: Boris Stoyanov <boris.stoyanov@shapeblue.com>
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
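
Added example, not part of the commit above and not CloudStack code: a sketch of the migration and runtime checks that commit message describes, seeding four default roles from a commands.properties-style file and then answering access checks from an in-memory stand-in for the DB. It assumes each line is apiName=bitmask with 1=Admin, 2=ResourceAdmin, 4=DomainAdmin, 8=User; the sample file, migrate() and DynamicRoleChecker are hypothetical.

```python
# ASSUMPTION: commands.properties lines look like apiName=bitmask, where the
# bits select role types. All names below are hypothetical.
ROLE_TYPE_BITS = {"Admin": 1, "ResourceAdmin": 2, "DomainAdmin": 4, "User": 8}

# Constructed sample, not the file shipped with CloudStack.
SAMPLE_PROPERTIES = """\
# comment lines and blanks are skipped
listVirtualMachines=15
createAccount=7
listHosts=3
deleteUser=1
"""

def migrate(text):
    """Return {default role name: set of allowed API names}."""
    roles = {name: set() for name in ROLE_TYPE_BITS}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        api, _, mask = line.partition("=")
        for name, bit in ROLE_TYPE_BITS.items():
            if int(mask.strip()) & bit:
                roles[name].add(api.strip())
    return roles

class DynamicRoleChecker:
    def __init__(self, seeded):
        # One default role per role type, as the upgrade notes describe.
        self.roles = {n: {"type": n, "allow": set(a)} for n, a in seeded.items()}

    def create_role(self, name, role_type, allow=()):
        # Every custom role must resolve to one of the four known role types.
        if role_type not in ROLE_TYPE_BITS:
            raise ValueError("unknown role type: " + role_type)
        self.roles[name] = {"type": role_type, "allow": set(allow)}

    def set_permission(self, role, api, allowed):
        # Runtime change: visible to the next check, no restart involved.
        if allowed:
            self.roles[role]["allow"].add(api)
        else:
            self.roles[role]["allow"].discard(api)

    def check_access(self, role, api):
        # Default deny: unknown roles and unlisted APIs are refused.
        entry = self.roles.get(role)
        return entry is not None and api in entry["allow"]
```
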
Introduces a boolean option in UI plugins; setting it to 'true' would display
the UI plugin on the left navigation bar.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This closes #563
(cherry picked from commit 7c206c30a5)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
-Split 'dictionary.jsp' into two files -> 'dictionary.jsp' and
'dictionary2.jsp' -- this is due to JSP file constraints as the
localization object is getting quite long
-Per change above, 'dictionary' object is now split into an additional
'dictionary2' object, which is merged with the main dict object on page
load
-All new dictionary mappings should be added to 'dictionary2' now.
Signed-off-by: Brian Federle <brian.federle@citrix.com>
- Preserve the advanced search parameters, so that when the advanced search box is shown again,
it is populated with the values selected/entered previously, unless they have navigated away from the search results page,
or applied any additional filters/search parameters.
Signed-off-by: Mihaela Stoica <mihaela.stoica@citrix.com>
Signed-off-by: Rajani Karuturi <rajanikaruturi@gmail.com>
- Reverted the validator.messages to the original values (jquery.validator.js).
- Added a function to localize validator.messages which is called before login.
Signed-off-by: Brian Federle <brian.federle@citrix.com>
-- Specifically, this fixes issue where secondary IP 'view all' link was
not displaying, due to a change in the rows' CSS naming conventions
in the widget.
Remove extra 'buffer zone' around quick view tooltip. This was
causing misleading behavior in some cases, due to the cursor being
hovered over a different row while another row's quick view was
still open
Evaluates pre-filter for individual actions (i.e., when action.preFilter is specified)
every time a multi-select row is checked or unchecked. This allows multi-select
actions to be shown/hidden on a per-row basis.
Fixes issue where outdated context is passed to subselect's data provider
when infinite scroll event loads more data items. Now, context is derived
from DOM data directly instead of in the args.
Fixes condition where, on 'refresh' of list view, infinite scrolling no longer
works due to leftover state prior to refresh. Now page # and end-of-list
indicator are stored in DOM object, for easier cleanup
Fixes issue where duplicate and/or incorrect list view entries were
being passed due to list view object not being referenced relatively for
multi-select actions, causing more than one list being passed at times.
Adds support for adding preFilter on a per-action basis, to assist in
plugin development. If action.preFilter function is passed, and returns
true/false, the action is shown/hidden. If no preFilter is specified,
then the action will be passed through the detail view's standard filter.
Example:
    testAction: {
      label: 'Test Action',
      ...
      preFilter: function(args) {
        return false; // Action will be hidden
      },
      ...
    }
Add event handler on tab change to remove all old tab content. This prevents
potential conflicts with referencing widget data caused by old content lying
around.
Adds 'noPanelView' option for detail view connected to list view. When
specified, don't support opening the detail view in a new browser pane (i.e.,
only render quickview).
If array is passed in field data, render the table cell as a list.
Example:
    dataProvider: function(args) {
      // Each row is an object; an array-valued field renders as a list
      args.response.success({ data: [ { fieldA: ['i1', 'i2', ...] } ] })
    }