Hey Talluri, Hope you're in good health. Find my comments inline;
On Tue, Apr 29, 2014 at 11:41 PM, Srikanteswararao Talluri < srikanteswararao.tall...@citrix.com> wrote: > I have tested username and password support for cloud monkey. > > 1. It breaks when a non privileged user issue some commands. > For example: . When a non admin user issues OElist zonesĀ¹ > If you install fresh cloudmonkey, it will have cached list of apis so users can run any API. When sync is called all APIs that the user is allowed to call is returned. So, it's alright, an non-admin user issuing API call like list zone will fail. > 2. It is not handled when the api port is set to 8096 and (username, > password) are provided. > If CloudStack mgmt server has enable the non-auth port 8096 (via global config), it should have worked. The ApiServer in runs on this port for service layers, like the CPBM to bypass auth and use the API layer. If it does not work now, probably something changed in CloudStack since 4.3 or the port 8096 was not enabled? > 3. What takes precedence when (apikey, secret key) and (username, > password) both are provided. > This is debatable. IMHO cloudmonkey should never have feature to login using username:password (which is stored in plain text). I think it was a bad practice to introduce such a feature, so the initial versions I wrote did not have this features. I'm in favour of users using API keys/secrets which are revokable (for example different clients can have different pair, so many key pairs provide an isolation of credentials; in case something leaks you don't have to reset all passwords etc.). Regards. Thanks, ~Talluri On 29/04/14 2:01 pm, "sebgoa" <run...@gmail.com> wrote: > >On Apr 25, 2014, at 7:40 PM, Chiradeep Vittal ><chiradeep.vit...@citrix.com> wrote: > >> Please follow the Release test procedure below >> https://cwiki.apache.org/confluence/x/2iNqAg > > >Followed the testing procedure and tested on exoscale > >+1 > > >> >> From: Chiradeep Vittal >><chiradeep.vit...@citrix.com<mailto:chiradeep.vit...@citrix.com>> >> Reply-To: "dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>" >><dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>> >> Date: Thursday, April 24, 2014 at 5:12 PM >> To: "dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>" >><dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>> >> Subject: [VOTE] Release Apache CloudStack CloudMonkey 5.1.0 >> >> Hi All, >> >> I've created a 5.1.0 release of CloudMonkey, with the following >>artifacts >> up for a vote: >> >> Git Branch and Commit SH: >> >>https://git-wip-us.apache.org/repos/asf?p=cloudstack-cloudmonkey.git;a=sh >>or >> tlog;h=refs/heads/5.1.0 >> Commit: 0b7a6bce246bbf261e6f096d1c18a85949ed5a22 >> >> List of changes: >> >>https://git-wip-us.apache.org/repos/asf?p=cloudstack-cloudmonkey.git;a=bl >>ob >> _plain;f=CHANGES;hb=5.1.0 >> >> Source release (checksums and signatures are available at the same >> location): >> https://dist.apache.org/repos/dist/dev/cloudstack/cloudmonkey-5.1.0/ >> >> PGP release keys (signed using E8DAE809): >> https://dist.apache.org/repos/dist/release/cloudstack/KEYS >> >> Vote will be open for 72 hours. >> >> For sanity in tallying the vote, can PMC members please be sure to >> indicate "(binding)" with their vote? >> >> [ ] +1 approve >> [ ] +0 no opinion >> [ ] -1 disapprove (and reason why) >> >> >
