Enhanced acl policy files with rundeck::config::aclpolicyfile #76
Conversation
|
I do like the idea of using one template but I have a couple of questions. Why did you choose to have a separate define rather than just two file resources? Does having a single acl_policies param mean that you'll be applying the same policies to both policy files? This is not something we want to do. |
|
My intention is to have the possibility to create many .aclpolicy files - e.g. create an .aclpolicy file per project. So the abstraction via a define is better than a file. The admin.aclpolicy and apitoken.aclpolicy is using this, too. The functional behavior should be the same as before. Hope this will answer your questions :-) |
| require => File[$properties_dir] | ||
| rundeck::config::aclpolicyfile { 'admin': | ||
| acl_policies => $acl_policies, | ||
| owner => $user, |
There was a problem hiding this comment.
if the default owner and group are rundeck::user and rundeck::group we shouldn't need to specify them here.
|
Ah. I just re-read the documentation on this. I didn't actually know that you can multiple files, so thank you for educating me on that. |
Now, there is just a single template used to create acl policy files based on the define rundeck::config::aclpolicyfile
|
Ok - I removed the user / group settings in config.pp. |
Enhanced acl policy files with rundeck::config::aclpolicyfile
| $acl_policies, | ||
| $owner = $rundeck::user, | ||
| $group = $rundeck::group, | ||
| $properties_dir = $rundeck::framework_config['framework.etc.dir'], |
There was a problem hiding this comment.
There is a problem here in that it misses the deep_merge that happens in rundeck::config, which merges the framework_config parameter from rundeck and rundeck::params::framework_config. I haven't had time to test if just inserting config:: is sufficient or not.
modulesync 0.16.7
Now, there is just a single template used to create acl policy files
based on the define rundeck::config::aclpolicyfile