Ansible Installer: Remove EWC & Update regarding LDAP, RBAC & FlowUI #1061
Thanks for the update!
We'll also need to include the documentation instructions with the RBAC & LDAP configuration example.
This could be extracted from the history when EWC was part of it:
https://github.com/StackStorm/st2docs/pull/1020/files#diff-3f8f088be48f3933baeab8a1722d69bb0c9f2351670eaf2f2f4a2c9d83058e9c
Hi @armab, I reviewed the linked PR and compared it to the available docs. Unfortunately, I don't see any important part missing here. To me, all the relevant information for a successful LDAP, RBAC or LDAP & RBAC setup is already available in the RBAC documentation, and the mapping of LDAP groups to RBAC roles is described here, for example: https://docs.stackstorm.com/rbac.html#automatically-granting-roles-based-on-ldap-group-membership

Please let me know if you still miss anything or give me another pointer and I'll add it to the docs shortly.
https://github.com/StackStorm/st2docs/pull/1020/files#diff-3f8f088be48f3933baeab8a1722d69bb0c9f2351670eaf2f2f4a2c9d83058e9c (https://github.com/StackStorm/st2docs/blob/c7c3ccea5228a558f4558232f96d77cafbc595c8/docs/source/install/ansible.rst#ewc) file provides an example of configuring StackStorm Enterprise.

Here's an example showing how to add :doc:`Extreme Workflow Composer </install/ewc>`, with
`LDAP <https://ewc-docs.extremenetworks.com/authentication.html#ldap>`_ authentication and
`RBAC <https://ewc-docs.extremenetworks.com/rbac.html>`_ configuration to allow/restrict/limit |st2|
functionality to specific users:

.. sourcecode:: yaml

    - name: Install StackStorm Enterprise
      hosts: all
      roles:
        - name: Install and configure StackStorm Enterprise (EWC)
          role: ewc
          vars:
            ewc_repo: enterprise
            ewc_license: CHANGE-ME-PLEASE
            ewc_version: latest
            # Configure LDAP backend
            # See: https://ewc-docs.extremenetworks.com/authentication.html#ldap
            ewc_ldap:
              backend_kwargs:
                bind_dn: "cn=Administrator,cn=users,dc=change-you-org,dc=net"
                bind_password: "foobar123"
                base_ou: "dc=example,dc=net"
                group_dns:
                  - "CN=stormers,OU=groups,DC=example,DC=net"
                host: identity.example.net
                port: 389
                id_attr: "samAccountName"
            # Configure RBAC
            # See: https://ewc-docs.extremenetworks.com/rbac.html
            ewc_rbac:
              # Define EWC roles and permissions
              # https://ewc-docs.extremenetworks.com/rbac.html#defining-roles-and-permission-grants
              roles:
                - name: core_local_only
                  description: "This role has access only to action core.local in pack 'core'"
                  enabled: true
                  permission_grants:
                    - resource_uid: "action:core:local"
                      permission_types:
                        - action_execute
                        - action_view
                    - permission_types:
                        - runner_type_list
              # Assign roles to specific users
              # https://ewc-docs.extremenetworks.com/rbac.html#defining-user-role-assignments
              assignments:
                - name: test_user
                  roles:
                    - core_local_only
                - name: stanley
                  roles:
                    - admin
                - name: chuck_norris
                  roles:
                    - system_admin
        - name: Verify EWC Installation
          role: ewc_smoketests
…AP and the FlowUI
…2docs into update-ansible-docs-remove-ewc
…2docs into update-ansible-docs-remove-ewc
Done. I was also thinking about having an extra playbook for it, to provide an example as a file, but I guess this is the best way to provide such an example and it fits well with the other ones.
👍 Thanks!
This PR removes the mentions of the ewc roles and adds a note of features being provided by st2 core or st2web since st2 3.4.
This is related to and should be merged along with StackStorm/ansible-st2#290.