Project

General

Profile

Actions

User story #22206

closed

Allow user to define custom roles in rudder-user.xml

Added by François ARMAND almost 2 years ago. Updated 6 months ago.

Status:
Released
Priority:
N/A
Category:
System integration
Target version:
UX impact:
Suggestion strength:
User visibility:
Effort required:
Name check:
To do
Fix check:
To do
Regression:
No

Description

The idea is to be able to have new roles defined from system roles (atomic permissions or plugin roles).

The general (that will be documented at the end of the implementation) would looks like:

<authentications>
  <custom-roles>
      <role name="role_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
      <role name="role_a1" roles="role_a0" />                            <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="role_b0" roles="inventory" />                          <!-- node_read -->
      <role name="role_c0" roles="node" />                               <!-- node_* -->

      <role name="role_d0" roles="role_a1,role_b0" />                    <!-- node_*,config_*,parameter_*,technique_*,directive_*,rule_* -->

      <role name="inventory" roles="....." />                            <!-- empty list - already defined -->
  </custom-roles>

  <user password="..." name="user_a0" roles="node_read,node_write,configuration" /> <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <user password="..." name="user_a1" roles="role_a" />                             <!-- node_read,node_write,config_*,parameter_*,technique_*,directive_*,rule_* -->
  <!-- same behavior than for roles -->
</authentications>


Subtasks 9 (0 open9 closed)

Architecture #22318: Refactor case insensitivity property for usersReleasedElaad FURREEDANActions
Bug #22353: Administrator doesn't have any access anymoreReleasedVincent MEMBRÉActions
Bug #22357: Reloading user must discared previously registered custom-rolesReleasedVincent MEMBRÉActions
User story #22382: Update documentation for custom rolesReleasedAlexis MoussetActions
Enhancement #22383: Password tag should be optionnal and default to bcrypt encodingReleasedVincent MEMBRÉActions
Bug #22384: Unknown roles must be ignored, not lead to invalid roleReleasedVincent MEMBRÉActions
User management - Enhancement #22385: Update user-management doc for custom-rolesReleasedAlexis MoussetActions
Rudder plugins - Bug #22501: API selft-service token is not in user management but in API extended authzReleasedAlexis MoussetActions
Bug #22579: Rudder can't boot when custom role uses cve_read without cve pluginReleasedVincent MEMBRÉActions

Related issues 4 (0 open4 closed)

Related to User management - Bug #22349: Update user plugin to manage update custom rolesReleasedVincent MEMBRÉActions
Related to Change validation - Bug #22361: Adapt code to changes from #22206 (custom roles)ReleasedFrançois ARMANDActions
Related to Change validation - Bug #22443: Change validation must be adapted to user custom roles changesRejectedFrançois ARMANDActions
Related to Rudder - Bug #22457: Update rudder-user.xml to use permissions in place of roles attributeReleasedVincent MEMBRÉActions
Actions #1

Updated by François ARMAND almost 2 years ago

  • Status changed from New to In progress
Actions #2

Updated by François ARMAND over 1 year ago

  • Subtask #22318 added
Actions #5

Updated by François ARMAND over 1 year ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/4655
Actions #6

Updated by Vincent MEMBRÉ over 1 year ago

  • Status changed from Pending technical review to Pending release
Actions #7

Updated by François ARMAND over 1 year ago

  • Related to Bug #22349: Update user plugin to manage update custom roles added
Actions #8

Updated by François ARMAND over 1 year ago

  • Subtask #22353 added
Actions #9

Updated by François ARMAND over 1 year ago

  • Subtask #22357 added
Actions #10

Updated by Vincent MEMBRÉ over 1 year ago

This bug has been fixed in Rudder 7.3.0~beta1 which was released today.

Actions #11

Updated by Vincent MEMBRÉ over 1 year ago

  • Related to Bug #22361: Adapt code to changes from #22206 (custom roles) added
Actions #12

Updated by François ARMAND over 1 year ago

  • Subtask #22382 added
Actions #13

Updated by François ARMAND over 1 year ago

  • Subtask #22383 added
Actions #14

Updated by François ARMAND over 1 year ago

  • Subtask #22384 added
Actions #15

Updated by François ARMAND over 1 year ago

  • Subtask #22385 added
Actions #16

Updated by François ARMAND over 1 year ago

  • Related to Bug #22443: Change validation must be adapted to user custom roles changes added
Actions #17

Updated by François ARMAND over 1 year ago

  • Related to Bug #22457: Update rudder-user.xml to use permissions in place of roles attribute added
Actions #18

Updated by François ARMAND over 1 year ago

  • Subtask #22579 added
Actions #19

Updated by Vincent MEMBRÉ 6 months ago

  • Status changed from Pending release to Released
Actions

Also available in: Atom PDF