Merged
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,8 @@
# Changelog

## 0.9.8 (Sept 25, 2015)
* Add ability to manage StackStorm RBAC roles (*improvement*)

## 0.9.7 (Sept 22, 2015)
* Restart mistral on init script update

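--- a/manifests/rbac.pp
+++ b/manifests/rbac.pp
@@ -0,0 +1,69 @@
+# Definition: st2::rbac
+#
+# This defined type creates RBAC resources for users
+# This is an enterprise feature, and requires a license
+# to be used.
+#
+# Example
+#
+# st2::rbac { 'admin':
+# description => "Administrative user",
+# roles => [
+# 'observer',
+# 'my_test_role',
+# ],
+# }
+define st2::rbac (
+$ensure = 'present',
+$user = $name,
+$description = "Created and managed by Puppet",
+$roles = [],
+) {
+$_rbac_dir = '/opt/stackstorm/rbac'
+$_enabled_state = $ensure ? {
+'present' => 'true',
+default => 'false',
+}
+
+ensure_resource('file', $_rbac_dir, {
+'ensure' => 'directory',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0755',
+'require' => Class['::st2::profile::server'],
+})
+ensure_resource('file', "${_rbac_dir}/assignments", {
+'ensure' => 'directory',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0755',
+'require' => Class['::st2::profile::server'],
+})
+ensure_resource('file', "${_rbac_dir}/roles", {
+'ensure' => 'directory',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0755',
+'require' => Class['::st2::profile::server'],
+})
+ensure_resource('file', "${_rbac_dir}/assignments", {
+'ensure' => 'directory',
+'owner' => 'root',
+'group' => 'root',
+'mode' => '0755',
+'require' => Class['::st2::profile::server'],
+})
+ensure_resource('exec', 'reload st2 rbac definitions', {
+'cmd' => 'st2-apply-rbac-definitions',
+'refreshonly' => 'true',
+'path' => '/usr/sbin:/usr/bin:/sbin:/bin',
+})
+file { "${_rbac_dir}/assignments/${user}.yaml":
+ensure => 'file',
+owner => 'root',
+group => 'root',
+mode => '0644',
+content => template('st2/rbac/assignments/user.yaml.erb'),
+notify => Exec['reload st2 rbac definitions'],
+}
+}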
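Review bot: The exec declared near the end of the define is given `'cmd' => 'st2-apply-rbac-definitions'`, but Puppet's exec type names that attribute `command`, so the catalog should be rejected with an invalid-parameter error and the role assignments written here are never applied; use `'command' => 'st2-apply-rbac-definitions',`. Separately, `$user` is interpolated unchecked into `"${_rbac_dir}/assignments/${user}.yaml"`, a file written as root, so a name containing `/` or `..` would land outside the assignments directory; a guard such as `validate_re($user, '^[A-Za-z0-9._-]+$')` ahead of the file resource pins it to a single path component. Note also that `ensure => 'absent'` only renders `enabled: false` and keeps the file, which deserves a line in the header comment so nobody expects the assignment to be removed. The `assignments` directory is declared twice through `ensure_resource`; the second call can be dropped.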
2 changes: 1 addition & 1 deletion metadata.json
@@ -1,6 +1,6 @@
{
"name": "stackstorm-st2",
"version": "0.9.7",
"version": "0.9.8",
"author": "stackstorm",
"summary": "Puppet module to manage/configure StackStorm",
"license": "Apache 2.0",
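--- a/templates/rbac/assignments/user.yaml.erb
+++ b/templates/rbac/assignments/user.yaml.erb
@@ -0,0 +1,8 @@
+---
+username: "<%= @user %>"
+description: "<%= @description %>"
+enabled: <%= @_enabled_state %>
+roles:
+<%- @roles.each do |role| -%>
+- "<%= role %>"
+<%- end -%>
+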
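Review bot: The `username`, `description` and role scalars are filled with raw `<%= %>` output between hand-written double quotes, so a value containing a double quote, a backslash or a newline produces invalid YAML or changes the structure of a file that grants roles. Emit the values through a serializer instead of quoting by hand, for example `username: <%= @user.to_json %>`, `description: <%= @description.to_json %>` and `- <%= role.to_json %>` (a JSON string is a valid YAML double-quoted scalar; this assumes the JSON library is loaded in the template context, to be confirmed for the supported Puppet versions). `@roles.each` also assumes an array, so a single role passed as a string would fail at render time; validating `$roles` in the define would surface that earlier.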