Change ACL path directory
158 views
Skip to first unread message
Daniel Majano
Oct 18, 2016, 7:59:19 AM10/18/16
to rundeck-discuss
Hi people,
Do you know if exist some posibility to change the path directory of the acl files?.
I have tens of different acl files in $RUNDECK_BASE/etc and for me It´s a bit "dirty".
Thanks you for the help,
Regards.
Alex Honor
Oct 18, 2016, 8:08:18 AM10/18/16
to rundeck...@googlegroups.com
Hi Daniel,
If they are policies are project scope, they can be organized into project-specific directories: ie., $RDECK_BASE/projects/{your project}/acls/.
Remove the following stanza when copying there:
context:
project: '.*'--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/ca17c129-5ca6-47af-96de-d2332c06706d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Alex Honor
[SimplifyOps, Inc | a...@simplifyops.com ]
Be sure to comment and vote on Rundeck Feature Development!
Scott Bockelman
Nov 9, 2016, 10:36:20 AM11/9/16
to rundeck-discuss
Can you give some more details on the project-specific directories? Have tried the config below in /etc/rundeck/projects/Operations/acls/Ops-Team.aclpolicy and /var/rundeck/projects/Operations/acls/Ops-Team.aclpolicy and both are not working. I have tried removing the "context" stanza as well. The .aclpolicy file does work fine when in /etc/rundeck.
Running RPM Install rundeck-2.6.9-1.21.GA.noarch on EL7
---
description: Ops-Team
context:
project: 'Operations'
for:
resource:
- allow: [read] # allow read/create all kinds
adhoc:
- deny: '*' # allow read/running/killing adhoc jobs
job:
- match:
group: 'Operations Jobs'
allow: [read,run] # allow read/run of all jobs
node:
- allow: '*' # allow read/run for all nodes
by:
group: Ops-Team
---
description: Ops-Team
context:
application: 'rundeck'
for:
project:
- match:
name: 'Operations'
allow: [read] # allow view of Operations Project
by:
group: Ops-Team
On Tuesday, 18 October 2016 07:08:18 UTC-5, Alex Honor wrote:
Hi Daniel,If they are policies are project scope, they can be organized into project-specific directories: ie., $RDECK_BASE/projects/{your project}/acls/.Remove the following stanza when copying there:context: project: '.*'
On Tue, Oct 18, 2016 at 8:59 AM, Daniel Majano <danim...@gmail.com> wrote:
Hi people,Do you know if exist some posibility to change the path directory of the acl files?.I have tens of different acl files in $RUNDECK_BASE/etc and for me It´s a bit "dirty".Thanks you for the help,Regards.
--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/ca17c129-5ca6-47af-96de-d2332c06706d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Alex Honor
Nov 9, 2016, 10:48:22 AM11/9/16
to rundeck...@googlegroups.com
Hi Scott,
Can you try loading the ACLs via the `rd` command line tool? See https://github.com/rundeck/rundeck-cli#projects
Here's a little usage output to give you an idea.
rd projects acls help
Manage Project ACLs
Available commands:
create - Create a project ACL definition
delete - Delete a project ACL definition
get - get a project ACL definition
list - list project acls
upload - Upload a project ACL definition (must already exist)
Use "acls [command] help" to get help on any command.
rd projects acls create help
Create a project ACL definition
Usage: create options
--file -f value : ACLPolicy file to upload
--name -n value : name of the aclpolicy file
--project -p value : Project name
rd projects acls create --file /tmp/jobrunners.aclpolicy --name jobrunners -p myproject
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discuss+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rundeck-discuss/cd87559d-2481-478e-b88b-087e7510da8f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages