Ansible Installer: Remove EWC & Update regarding LDAP, RBAC & FlowUI #1061
Conversation
There was a problem hiding this comment.
Thanks for the update!
We'll also need to include the documentation instructions with the RBAC & LDAP configuration example.
This could be extracted from the history when EWC was part of it:
https://github.com/StackStorm/st2docs/pull/1020/files#diff-3f8f088be48f3933baeab8a1722d69bb0c9f2351670eaf2f2f4a2c9d83058e9c
Hi @armab , I reviewed the linked PR and compared it to the available docs. Unfortunately, I don't see any important part missing here. To me, all the relevant information for a successful LDAP, RBAC or LDAP & RBAC setup are already available on the rbac documentation and mappings of LDAP groups to RBAC roles is described here for example: https://docs.stackstorm.com/rbac.html#automatically-granting-roles-based-on-ldap-group-membership Please let me know if you still miss anything or give me another pointer and I'll add it to the docs shortly. |
|
https://github.com/StackStorm/st2docs/pull/1020/files#diff-3f8f088be48f3933baeab8a1722d69bb0c9f2351670eaf2f2f4a2c9d83058e9c (https://github.com/StackStorm/st2docs/blob/c7c3ccea5228a558f4558232f96d77cafbc595c8/docs/source/install/ansible.rst#ewc) file provides an example of configuring StackStorm Enterprise. Here's an example showing how to add :doc:`Extreme Workflow Composer </install/ewc>`, with
`LDAP <https://ewc-docs.extremenetworks.com/authentication.html#ldap>`_ authentication and
`RBAC <https://ewc-docs.extremenetworks.com/rbac.html>`_ configuration to allow/restrict/limit |st2|
functionality to specific users:
.. sourcecode:: yaml
- name: Install StackStorm Enterprise
hosts: all
roles:
- name: Install and configure StackStorm Enterprise (EWC)
role: ewc
vars:
ewc_repo: enterprise
ewc_license: CHANGE-ME-PLEASE
ewc_version: latest
# Configure LDAP backend
# See: https://ewc-docs.extremenetworks.com/authentication.html#ldap
ewc_ldap:
backend_kwargs:
bind_dn: "cn=Administrator,cn=users,dc=change-you-org,dc=net"
bind_password: "foobar123"
base_ou: "dc=example,dc=net"
group_dns:
- "CN=stormers,OU=groups,DC=example,DC=net"
host: identity.example.net
port: 389
id_attr: "samAccountName"
# Configure RBAC
# See: https://ewc-docs.extremenetworks.com/rbac.html
ewc_rbac:
# Define EWC roles and permissions
# https://ewc-docs.extremenetworks.com/rbac.html#defining-roles-and-permission-grants
roles:
- name: core_local_only
description: "This role has access only to action core.local in pack 'core'"
enabled: true
permission_grants:
- resource_uid: "action:core:local"
permission_types:
- action_execute
- action_view
- permission_types:
- runner_type_list
# Assign roles to specific users
# https://ewc-docs.extremenetworks.com/rbac.html#defining-user-role-assignments
assignments:
- name: test_user
roles:
- core_local_only
- name: stanley
roles:
- admin
- name: chuck_norris
roles:
- system_admin
- name: Verify EWC Installation
role: ewc_smoketests |
…AP and the FlowUI
…2docs into update-ansible-docs-remove-ewc
…2docs into update-ansible-docs-remove-ewc
|
Done. I was also thinking about having an extra playbook for it provide an example as file but I guess this is the best way to provide such an example and it fits well to the other ones. |
This PR removes the mentions of the ewc roles and adds a note of features being provided by st2 core or st2web since st2 3.4
This is related to and should be merged along with StackStorm/ansible-st2#290