Rundeck 3.4 ACL change ?


Xavier Humbert

Jun 24, 2021, 5:44:54 AM
to rundeck...@googlegroups.com
Hi,

I want my users to have a look at the new Rundeck interface, so I
created a sandbox project 'RUNDECK_3.4' on a qualification machine.

I checked out the release notes, but didn't notice something special
about ACLs.
However, this wide-open ACL does not grant access to the project:

> ---
> description: Global project admin permissions to role
> context:
>   project: 'RUNDECK_3.4'
> for:
>   resource:
>   - equals:
>       kind: job
>     allow: '*'
>   - equals:
>       kind: node
>     allow: '*'
>   - equals:
>       kind: event
>     allow: '*'
>   adhoc:
>     - allow: '*'
>   job:
>     - allow: '*'
>   node:
>     - allow: '*'
>   project:
>     - allow: '*'
> by:
>   group: 'invite'
> ---
> description: invite application scope permissions
> context:
>   application: 'rundeck'
> for:
>   resource:
>     - equals:
>         kind: project
>       allow: '*'
>   storage:
>     - equals:
>         name: 'keys'
>         path: 'keys'
>       allow: [read]
>     - equals:
>         path: 'keys/RUNDECK_3.4'
>       allow: [read]
>     - match:
>         path: 'keys/RUNDECK_3.4/.*'
>       allow: [read]
>   project:
>     - match:
>         name: 'RUNDECK_3.4'
>       allow: '*'
> by:
>   group: 'invite'
What's wrong ?

Regards,

Xavier

--
Xavier Humbert
CRT Supervision et Exploitation de Niveau 1
Rectorat de Nancy-Metz
03 83 86 27 39


rac...@rundeck.com

Jun 24, 2021, 9:10:08 AM
to rundeck-discuss

Hi Xavier,

Tested with the following basic one and works:

description: project context.
context:
  project: 'RUNDECK_3.4'
for:
  resource:
    - allow: '*'
  adhoc:
    - allow: '*'
  job: 
    - allow: '*'
  node:
    - allow: '*'
by:
  group: invite

---

description: app context.
context:
  application: 'rundeck'

for:
  project:
    - match:
        name: 'RUNDECK_3.4'
      allow: '*'
  storage:
    - match:
        path: 'keys/RUNDECK_3.4/.*'
      allow: '*'
by:
  group: invite

Make sure that another ACL does not interfere with the current one.

Feel free to modify it :-)
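
One way to check for an interfering policy, as suggested in the reply above (an added example, not code from either poster or from the Rundeck project): the script scans a set of policy documents for `deny` rules that apply to a given group in a given project. It assumes PyYAML is installed, that the `context: project:` value is a regular expression over project names, and that a `deny` rule overrides any `allow`; the second policy in the sample is constructed for illustration.

```python
import re
import yaml  # PyYAML (third-party)

# Constructed sample: a trimmed copy of the reply's project policy, then a
# hypothetical second policy (not from the thread) denying the same group.
POLICIES = """\
description: project context.
context:
  project: 'RUNDECK_3.4'
for:
  job:
    - allow: '*'
by:
  group: invite
---
description: constructed interfering policy
context:
  project: '.*'
for:
  job:
    - deny: [read, run]
by:
  group: [invite, guests]
"""

def as_list(value):
    return value if isinstance(value, list) else [] if value is None else [value]

def find_denies(text, project, group):
    """List (description, resource type, denied actions) for each deny rule
    in a project-context policy that applies to `group` in `project`."""
    hits = []
    for doc in yaml.safe_load_all(text):
        if not isinstance(doc, dict):
            continue  # empty document, e.g. after a leading '---'
        context, by = doc.get("context") or {}, doc.get("by") or {}
        pattern = context.get("project")  # treated as a regex over project names
        if pattern is None or not re.fullmatch(str(pattern), project):
            continue
        if group not in as_list(by.get("group")):
            continue
        for rtype, rules in (doc.get("for") or {}).items():
            for rule in as_list(rules):
                if isinstance(rule, dict) and "deny" in rule:
                    hits.append((doc.get("description"), rtype, as_list(rule["deny"])))
    return hits

if __name__ == "__main__":
    for hit in find_denies(POLICIES, "RUNDECK_3.4", "invite"):
        print(hit)
```

To use it on a real instance, pass the concatenated text of all policy files (separated by `---`) in place of `POLICIES`.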
