Hi Rainer,
It's magic, it worked on our staging environment! :D
I was able to install version 4.6.0 without breaking the options of certain jobs.
I struggled a bit because I couldn't re-import the jobs on some projects (most in fact, 22 out of 31). Even with admin accounts I had 403 "errorCode":"unauthorized" errors.
I modified an admin acl which was quite old, but that didn't change anything. Then I dropped all the database data to re-import them with psql... and now the import works on all projects. I didn't understand why.
Here is the initial acl snippet
description: Full-access to rundeck resources (rundeck_usl token from puppet, TEAM_AVENGERS & GG_A_RDECK_ADMIN)
context:
app: 'rundeck'
for:
resource:
- allow: '*' # full-access to all kinds of resources (project, system, system_acl, user, job, apitoken)
project:
- allow: '*' # full-access
project_acl:
- allow: '*' # full-access
storage:
- allow: '*' # full-access
apitoken:
- allow: '*' # full-access
by:
username:
- 'rundeck_usl_token' # rundeck_usl token from puppet
group:
- 'TEAM_AVENGERS'
- 'GG_A_RDECK_ADMIN'
I replaced the project part with
project:
- match:
name: '.*'
allow: [read,import,export,configure,delete,promote,admin] # allow full access of all projects or use 'admin'
Are the 2 notations equivalent?
Anyway, thanks a lot for the tip.