Open sergiiF opened 9 years ago
Hi, sergiiF
For now, we don't have ACL control in YiDB. Actually we have ACL logic in the eBay version, but we are not ready to open source it as there are some legal issues. I hope you can understand. Please let me know if you need any help. Thanks.
Thanks & Regards Al Zhang
Yep, I understand it :) But do you have any roadmap to provide some other ACL version as open source? Or maybe you have some architectural view of how it should look?
The reason I'm asking is that the YiDB solution looks really scalable, solid and flexible. We'd like to use it in production. But certainly, without ACL, a CMS is not appropriate for use in PROD. We are also ready to put in effort to participate in development.
Sure. What kind of ACL do you need?

- Basic authentication
- Create/Update/Delete ACL
- Read ACL

Also, what ACL level do you need? Metaclass level or entity level? I will summarize in a document how we use ACL at eBay. Also, I will provide some example code if we cannot open source it in time. Please stay tuned.
Thanks & Regards Al Zhang
@sergiiF
Just for your reference, there is an open source project, ico-topo (https://github.com/icloudobject/ico-topo), which is intended to be a data center CMDB option. The ACL is planned and will be provided soon; the ACL solution in ico-topo is to provide role-based access at class and object level.
Hi, Sergiif
The ACL open source release is not ready yet. I want to provide some info first to unblock your development. For now, YiDB at eBay is using token-based ACL. For your reference, Keystone could be used as a token-based system. We pass the token in the request header and use the token for authentication and authorization. You could add your own code in the YiDB resource files to provide metaclass-level ACL. YiDB resources are put under cms-web-resource/com.ebay.cloud.cms.entmgr.entity.impl. To provide entity-level ACL, there is an interface called com.ebay.cloud.cms.entmgr.entity.IEntityOperationCallback; it's a callback used for the entity-level ACL check. It's used in the method EntityServiceValidator.checkACLInternal(). You can implement your own logic to check entity-level ACL. Please let me know if you have any questions.
Thanks & Regards Al Zhang
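The two-stage check described in the comment above (token to identity, then metaclass level, then entity level), as an added sketch that is not code from YiDB, eBay or this thread. Every type and name in it is hypothetical, the token table is a constructed in-memory stand-in for a token service such as Keystone, and the callback interface is not YiDB's IEntityOperationCallback, whose signature is not shown on this page.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Set;

// Hypothetical sketch: none of these types are YiDB or Keystone classes.
public class TokenAclSketch {
    enum Op { READ, CREATE, UPDATE, DELETE }

    // What a token service would return for a valid token (assumed shape).
    record Identity(String user, Set<String> roles, Instant expires) {}

    // Stand-in for an entity-level callback; the real YiDB signature is not assumed here.
    interface EntityCheck { boolean allowed(Identity who, Op op, Map<String, Object> entity); }

    // Constructed sample data: token -> identity.
    static final Map<String, Identity> TOKENS = Map.of(
        "tok-alice", new Identity("alice", Set.of("admin"), Instant.MAX),
        "tok-bob", new Identity("bob", Set.of("viewer"), Instant.MAX),
        "tok-old", new Identity("carol", Set.of("admin"), Instant.EPOCH)); // expired

    // Constructed metaclass-level ACL: "metaclass:operation" -> roles allowed.
    static final Map<String, Set<String>> CLASS_ACL = Map.of(
        "Server:READ", Set.of("admin", "viewer"),
        "Server:UPDATE", Set.of("admin"));

    // Entity-level rule: non-admins may only touch entities they own.
    static final EntityCheck OWNER_ONLY = (who, op, e) ->
        who.roles().contains("admin") || who.user().equals(e.get("owner"));

    static boolean authorize(String token, String metaclass, Op op, Map<String, Object> entity) {
        // Authentication: unknown, missing or expired tokens are rejected.
        Identity who = token == null ? null : TOKENS.get(token);
        if (who == null || who.expires().isBefore(Instant.now())) return false;
        // Metaclass level: anything not listed is denied by default.
        Set<String> permitted = CLASS_ACL.getOrDefault(metaclass + ":" + op, Set.of());
        boolean classOk = who.roles().stream().anyMatch(permitted::contains);
        // Entity level runs only after the metaclass check has passed.
        return classOk && OWNER_ONLY.allowed(who, op, entity);
    }

    public static void main(String[] args) {
        Map<String, Object> server = Map.of("name", "web01", "owner", "bob");
        System.out.println("alice UPDATE: " + authorize("tok-alice", "Server", Op.UPDATE, server));
        System.out.println("bob READ:     " + authorize("tok-bob", "Server", Op.READ, server));
        System.out.println("bob UPDATE:   " + authorize("tok-bob", "Server", Op.UPDATE, server));
        System.out.println("expired:      " + authorize("tok-old", "Server", Op.READ, server));
        System.out.println("no token:     " + authorize(null, "Server", Op.READ, server));
        System.out.println("unlisted op:  " + authorize("tok-alice", "Server", Op.DELETE, server));
    }
}
```

In a real deployment the token lookup would be a call to the token service and the result would carry the roles it assigns; the default-deny lookup and the ordering of the two checks are the parts that carry over.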
Hi, Keystone as a source for token-based authentication and authorization looks good. Probably this could be the fastest way to get YiDB with proper ACL protection. Also it could provide 'for free' integration with LDAP, and other Keystone features.
Hi, Is there any description of how to set up YiDB in a 'production-like' style (if possible)? To have the REST API/Console with authorization, role-based access, etc. Thanks in advance!