key-storage for rundeck


wildxy49

Nov 9, 2015, 1:13:31 PM
to rundeck-discuss
Hello,

I'm trying to set up a Rundeck key storage to store a password. Here's my policy configuration for stage:

description: Admin, all access.
context:
  application: rundeck
for:
  resource:
  - allow: '*'
  project:
  - allow: '*'
  storate:
  - allow: '*'
  storage:
    - match:
        path: 'keys/.*'
      allow: [read]
    - match:
        path: 'keys/project/dreambox-west/.*'
      allow: [read,create,update,delete]
by:
  group:
  - admin

While I am able to create a key, it won't persist when I refresh the page.

I found these error messages in the access log:

e' was not declared in for section => REJECTED_NO_RULES_DECLARED (0ms)
rundeck.log:2015-11-09 17:48:18,628 [qtp1897590019-64] ERROR grails.app.controllers.rundeck.controllers.StorageController - Unauthorized: resource keys/project/dreambox-west/rds: Unauthorized access
rundeck.log:2015-11-09 17:49:29,916 [qtp1897590019-61] ERROR grails.app.controllers.rundeck.controllers.StorageController - Unauthorized: resource keys/project/dreambox-west/rds: Unauthorized access
rundeck.storage.log:[2015-11-09 17:56:30,743] create file keys/project/dreambox-west/rds - [Rundeck-content-size:12, Rundeck-data-type:password, Rundeck-content-mask:content, Rundeck-content-creation-time:2015-11-09T17:56:30Z, Rundeck-auth-created-username:admin, Rundeck-auth-modified-username:admin, Rundeck-content-modify-time:2015-11-09T17:56:30Z, Rundeck-content-type:application/x-rundeck-data-password]
rundeck.storage.log:[2015-11-09 17:56:31,363] get directory keys/project/dreambox-west - -
rundeck.storage.log:[2015-11-09 17:57:49,797] get directory keys/project/dreambox-west - -
rundeck.storage.log:[2015-11-09 18:03:01,807] update file keys/project/dreambox-west/rds - [Rundeck-content-size:12, Rundeck-data-type:password, Rundeck-content-mask:content, Rundeck-auth-modified-username:admin, Rundeck-content-modify-time:2015-11-09T18:03:01Z, Rundeck-content-type:application/x-rundeck-data-password]
rundeck.storage.log:[2015-11-09 18:03:02,152] get directory keys/project/dreambox-west - -
service.log:ERROR StorageController: Unauthorized: resource keys/project/dreambox-west/rds: Unauthorized access
service.log:ERROR StorageController: Unauthorized: resource keys/project/dreambox-west/rds: Unauthorized access
[rundeck@ip-10-205-7-207 rundeck]$ cat /etc/rundeck/admin.aclpolicy

What did I do wrong in the ACL configuration?

Thanks,
Chengkai


