e14c2ec724
Changes: - IAM was applying ordering on accessTypes. Thus if an account had Operate, he got USe access as well. So even if IAM schema did not have 'UseEntry" permission for IpAddress, some other 'OperateEntry' permission on IpAddress was letting this operation go through. - Fixed IAM to NOT do ordering of access types anymore. IAm will perform strict accessType check only. - This fix is needed so that admin does not get permission to USE resources from other account just becase he has OPERATE access on those resources due to some other APIs. - However due to this fix, we break backwards compatibilty with CS 4.3. - CS 4.3 allowed root admin to do the createPF operation for a user by passing in networkId of the user. - Same was the case for domain admins within their domains - Why this worked was due to CS 4.3 simply returning true for root admin/domain admin - So to maintain backwards compatibilty, we are adding the logic to return "true" for root admin and domain admin just like CS 4.3. - Exception is: For Network, AffinityGroup and Templates, we still call IAM even for root admin/domain admin, since thats what CS 4.3 did. Just for these 3 resource_types, it used to perform access checks even for root admin/domain admin. |
||
|---|---|---|
| agent | ||
| agent-simulator/tomcatconf | ||
| api | ||
| awsapi | ||
| awsapi-setup | ||
| build | ||
| client | ||
| cloud-cli | ||
| core | ||
| debian | ||
| deps | ||
| developer | ||
| docs/.tx | ||
| engine | ||
| framework | ||
| maven-standard | ||
| packaging | ||
| plugins | ||
| python | ||
| quickcloud | ||
| scripts | ||
| server | ||
| services | ||
| setup | ||
| systemvm | ||
| test | ||
| tools | ||
| ui | ||
| usage | ||
| utils | ||
| vmware-base | ||
| .gitignore | ||
| CHANGES | ||
| INSTALL.md | ||
| LICENSE | ||
| LICENSE.header | ||
| NOTICE | ||
| README.md | ||
| README.tools.md | ||
| configure-info.in | ||
| pom.xml | ||
| version-info.in | ||
README.md
Apache CloudStack Version 4.2.0
About Apache CloudStack
Apache CloudStack is software designed to deploy and manage large networks of virtual machines, as a highly available, highly scalable Infrastructure as a Service (IaaS) cloud computing platform. CloudStack is used by a number of service providers to offer public cloud services, and by many companies to provide an on-premises (private) cloud offering.
Apache CloudStack currently supports the most popular hypervisors: VMware, Oracle VM, KVM, XenServer and Xen Cloud Platform. CloudStack also offers bare metal management of servers, using PXE to provision OS images and IPMI to manage the server. Apache CloudStack offers three methods for managing cloud computing environments: an easy to use Web interface, command line tools, and a full-featured RESTful API.
Visit us at Apache CloudStack.
Mailing lists
Development Mailing List Users Mailing List Commits Mailing List Issues Mailing List Marketing Mailing List
License
Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Building CloudStack
See the INSTALL file.
Notice of Cryptographic Software
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.
The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
The following provides more details on the included cryptographic software:
CloudStack makes use of JaSypt cryptographic libraries
CloudStack has a system requirement of MySQL, and uses native database encryption functionality.
CloudStack makes use of the Bouncy Castle general-purpose encryption library.
CloudStack can optionally interacts with and controls OpenSwan-based VPNs.
CloudStack has a dependency on Apache WSS4J as part of the AWSAPI implementation.
CloudStack has a dependency on and makes use of JSch - a java SSH2 implementation.