Defined Type: st2::rbac
- Defined in:
- manifests/rbac.pp
Summary
This defined type creates RBAC resources for usersOverview
Note:
This is an enterprise feature, and requires a license to be used.
13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
# File 'manifests/rbac.pp', line 13
define st2::rbac (
$ensure = 'present',
$user = $name,
$description = 'Created and managed by Puppet',
$roles = [],
) {
$_rbac_dir = '/opt/stackstorm/rbac'
$_enabled_state = $ensure ? {
'present' => true,
default => false,
}
ensure_resource('file', $_rbac_dir, {
'ensure' => 'directory',
'owner' => 'root',
'group' => 'root',
'mode' => '0755',
'require' => Class['st2::profile::server'],
})
ensure_resource('file', "${_rbac_dir}/assignments", {
'ensure' => 'directory',
'owner' => 'root',
'group' => 'root',
'mode' => '0755',
'require' => Class['st2::profile::server'],
})
ensure_resource('file', "${_rbac_dir}/roles", {
'ensure' => 'directory',
'owner' => 'root',
'group' => 'root',
'mode' => '0755',
'require' => Class['st2::profile::server'],
})
ensure_resource('file', "${_rbac_dir}/assignments", {
'ensure' => 'directory',
'owner' => 'root',
'group' => 'root',
'mode' => '0755',
'require' => Class['st2::profile::server'],
})
ensure_resource('exec', 'reload st2 rbac definitions', {
'command' => 'st2-apply-rbac-definitions',
'refreshonly' => true,
'path' => '/usr/sbin:/usr/bin:/sbin:/bin',
})
file { "${_rbac_dir}/assignments/${user}.yaml":
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0644',
content => template('st2/rbac/assignments/user.yaml.erb'),
notify => Exec['reload st2 rbac definitions'],
}
}
|