[Kimchi-devel] [WIP] Filter VMs by users and groups
Royce Lv
lvroyce at linux.vnet.ibm.com
Wed Jul 16 07:55:34 UTC 2014
As I commented in Aline's authorization patch, I think we get to the
point to split Linux user/group with kimchi user/group,
1. we want different admin just responsible for their own parts:
network admin manage network, storage admin manage storage, but
superuser/un-previledged user does not have such fine grained view.
2. we want multi-level of access of one tab:
take guest management as an example, we want
create/destroy--start/stop--access vnc, at least 3 levels of access.
superuser way cannot reflect multi-level control.
On 2014年07月12日 03:08, Crístian Viana wrote:
> This is a working version of the patchset. It will use the users and groups
> metadata on each VM to decide if the current user is able to perform an
> operation on the VM. If the user (1) has sudo access or (2) is listed in the VM
> 'users' metadata or (3) is part of at least one of the groups listed in the VM
> 'groups' metadata, they will be able to see and perform any operation on that VM.
>
> The VMs listed by /vms are also filtered by the current user's permissions.
>
> This patch contains the actual feature implementation. The tests and appropriate
> updates to the mockmodel are not ready yet, as they happen to require more
> changes in the current code than expected.
>
> Crístian Viana (1):
> Filter VMs by users and groups
>
> src/kimchi/control/base.py | 4 +++
> src/kimchi/model/vms.py | 63 ++++++++++++++++++++++++++++++++++++++++++++--
> 2 files changed, 65 insertions(+), 2 deletions(-)
>
More information about the Kimchi-devel
mailing list