update aclpolicy and replace role mappings
Reported by Greg Schueler | September 7th, 2011 @ 11:35 AM | in Rundeck 1.4 (closed)
enhance the aclpolicy yaml format and replace the role mapping authorization mechanism with aclpolicy-based authorization.
needed features:
- Access control on resources other than Jobs can now be declared
- Project level access control is now supported
- "Deny" rules can now be declared
- Application level access control is also supported, replacing the Role mapping
- The RunDeck server no longer uses role-mapping and instead defers to the aclpolicy for all authorizations
The caveats with the new aclpolicy apply to upgrading from an existing 1.3 or earlier installation:
- The old XML aclpolicy files will not work; you will have to convert to the new format
- The previous YAML aclpolicy files will need to be modified to work
- Out of the box, upgrading your server will show numerous "unauthorized" messages in the GUI until you upgrade your aclpolicy files
Comments and changes to this ticket
-
Greg Schueler September 9th, 2011 @ 04:21 PM
- State changed from open to needs_verification
-
Greg Schueler September 9th, 2011 @ 05:11 PM
(from [67d6dab253b44f61367ba04f591126d16b391c85]) Remove role mappings from rpm/deb config files [#429] https://github.com/dtolabs/rundeck/commit/67d6dab253b44f61367ba04f5...
-
Greg Schueler September 13th, 2011 @ 06:08 PM
(from [034e4a49ad944f0ded60eddab6dd900674a3246c]) Add node resource level authorizations [#429]
Add read/run authorization checks for nodes. Display
only 'read'able nodes in the GUI, and flag non-runnable nodes.
https://github.com/dtolabs/rundeck/commit/034e4a49ad944f0ded60eddab...
-
Greg Schueler September 14th, 2011 @ 09:01 AM
(from [07f5244a2f2879b8cc31803061ce138268c14f2a]) Fix scheduled jobs to act with roleset from user [#429] https://github.com/dtolabs/rundeck/commit/07f5244a2f2879b8cc3180306...
-
Greg Schueler September 14th, 2011 @ 01:52 PM
(from [736eb6b142962a14beafacbf9495992551f935b8]) Add 'create' auth check when creating jobs [#403] [#429]
fix group list to readable jobs when picking group
https://github.com/dtolabs/rundeck/commit/736eb6b142962a14beafacbf9...
-
Greg Schueler October 25th, 2011 @ 12:28 PM
(from [3a7e49433553cd07733dc032abe808393ff0b4f6]) Completely remove role mapping references. Remove RoleService [#429] https://github.com/dtolabs/rundeck/commit/3a7e49433553cd07733dc032a...
-
Greg Schueler October 25th, 2011 @ 12:36 PM
- State changed from needs_verification to resolved
(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues
Referenced by
- 142 Define aclpolicy that confines node execution This has been added as part of #429