Project

General

Profile

Actions
Copy link

User story #22206

closed

Allow user to define custom roles in rudder-user.xml

User story #22206: Allow user to define custom roles in rudder-user.xml

Added by François ARMAND almost 3 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Assignee:
Vincent MEMBRÉ
Category:
System integration
Target version:
7.3.0~beta1
Pull Request:
https://github.com/Normation/rudder/p...
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

The idea is to be able to have new roles defined from system roles (atomic permissions or plugin roles).

The general (that will be documented at the end of the implementation) would looks like:

<authentications>
  <custom-roles>
      <role name="role_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
      <role name="role_a1" roles="role_a0" />                            <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="role_b0" roles="inventory" />                          <!-- node_read -->
      <role name="role_c0" roles="node" />                               <!-- node_* -->

      <role name="role_d0" roles="role_a1,role_b0" />                    <!-- node_*,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="inventory" roles="....." />                            <!-- empty list - already defined -->
  </custom-roles>

  <user password="..." name="user_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <user password="..." name="user_a1" roles="role_a" />                             <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <!-- same behavior than for roles -->
</authentications>

Subtasks 9 (0 open9 closed)

Architecture #22318: Refactor case insensitivity property for usersReleasedElaad FURREEDANActions
Bug #22353: Administrator doesn't have any access anymoreReleasedVincent MEMBRÉActions
Bug #22357: Reloading user must discared previously registered custom-rolesReleasedVincent MEMBRÉActions
User story #22382: Update documentation for custom rolesReleasedAlexis MoussetActions
Enhancement #22383: Password tag should be optionnal and default to bcrypt encodingReleasedVincent MEMBRÉActions
Bug #22384: Unknown roles must be ignored, not lead to invalid roleReleasedVincent MEMBRÉActions
User management - Enhancement #22385: Update user-management doc for custom-rolesReleasedAlexis MoussetActions
Rudder plugins - Bug #22501: API selft-service token is not in user management but in API extended authzReleasedAlexis MoussetActions
Bug #22579: Rudder can't boot when custom role uses cve_read without cve pluginReleasedVincent MEMBRÉActions

Related issues 4 (0 open4 closed)

Related to User management - Bug #22349: Update user plugin to manage update custom rolesReleasedVincent MEMBRÉActions
Related to Change validation - Bug #22361: Adapt code to changes from #22206 (custom roles)ReleasedFrançois ARMANDActions
Related to Change validation - Bug #22443: Change validation must be adapted to user custom roles changesRejectedFrançois ARMANDActions
Related to Rudder - Bug #22457: Update rudder-user.xml to use permissions in place of roles attributeReleasedVincent MEMBRÉActions

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #1

  • Status changed from New to In progress

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #2

  • Subtask #22318 added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #5

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/4655

Updated by Vincent MEMBRÉ almost 3 years ago Actions
Copy link
 #6

  • Status changed from Pending technical review to Pending release

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #7

  • Related to Bug #22349: Update user plugin to manage update custom roles added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #8

  • Subtask #22353 added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #9

  • Subtask #22357 added

Updated by Vincent MEMBRÉ almost 3 years ago Actions
Copy link
 #10

This bug has been fixed in Rudder 7.3.0~beta1 which was released today.

Updated by Vincent MEMBRÉ almost 3 years ago Actions
Copy link
 #11

  • Related to Bug #22361: Adapt code to changes from #22206 (custom roles) added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #12

  • Subtask #22382 added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #13

  • Subtask #22383 added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #14

  • Subtask #22384 added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #15

  • Subtask #22385 added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #16

  • Related to Bug #22443: Change validation must be adapted to user custom roles changes added

Updated by François ARMAND almost 3 years ago Actions
Copy link
 #17

  • Related to Bug #22457: Update rudder-user.xml to use permissions in place of roles attribute added

Updated by François ARMAND over 2 years ago Actions
Copy link
 #18

  • Subtask #22579 added

Updated by Vincent MEMBRÉ over 1 year ago Actions
Copy link
 #19

  • Status changed from Pending release to Released
Actions
Copy link

Also available in: PDF Atom