-
Notifications
You must be signed in to change notification settings - Fork 411
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
working groovy to enable and configure rbac according to rbac_config.… #118
base: master
Are you sure you want to change the base?
working groovy to enable and configure rbac according to rbac_config.… #118
Conversation
Clarification request: It only creates Roles. Does it not create RBAC groups? Ideally, I will merge once the full workflow is done and you are able to create the Groups too. WDYT? |
Yes I should have mentioned that it creates groups at the root location as well. You can see in the rbac_conifg.yaml here: https://github.com/cloudbees/jenkins-scripts/pull/118/files#diff-9cb32757be40113a7a678af47b25d6f4 The included config is only intended to manage the group for "administrators" because we will need a separate config for managing all other groups and memberships in the node hierarchy. |
Description: Enable and configure RBAC roles, permissions and root groups in Cloudbees Core | ||
Requirements: | ||
file /tmp/rbac_config.yaml (see included example) | ||
Scope: Cloudbees Jenkins Operations Center |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Scope: Cloudbees Jenkins Operations Center | |
Scope: CloudBees Jenkins Operations Center. Prior to Jenkins Configuration as Code (JCaC) support for CloudBees Jenkins Operation Center (JOC). |
The script is using certain pre-requisites that are not specified, running the Script in the mentioned product and version (
I am hitting the following error, running the script in the Script Console ($JOC_URL/script):
I assume that you cannot run it as |
Since: December 2019 | ||
Description: Enable and configure RBAC roles, permissions and root groups in Cloudbees Core | ||
Requirements: | ||
file /tmp/rbac_config.yaml (see included example) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add here in requirements: admin
user or whatever else is needed.
After digging into the issue, it seems that it needed an The following configuration has been using to test the script.
See Mock Security Realm - Jenkins plugin
The error looks like follows
|
This groovy script enables RBAC in Cloudbees Core, and creates roles with permissions as described in the file rbac_config.yaml.
The groovy will also remove and permissions and attempt to remove roles that are not in the yaml, so it should be used with caution!
It's been verified to work on Cloudbees Core 2.190.2.2 and nectar-rbac 5.25.