我在/ etc / rundeck中为我的组添加了ACL策略。
rd-acl test -c application -g "Cloud Team" -a create -G project
Using configured Rundeck etc dir: /etc/rundeck
The decision was: allowed
The test passed
然后我通过该网站登录Rundeck,我看到了:
You have no authorized access to projects.
Contact your administrator. (User roles: ..., Cloud Team, ...)
为了很好,我暂时为我的用户制定了另一个ACL策略。 我用我的用户名通过了测试。 rd-acl测试-c应用程序-u myuser -a创建-G项目
我还尝试了一个名称中没有空格的组,并得到了相同的结果。
如果有所不同,我将使用我的AD凭据登录,并且正在从AD中提取组。
这是在Rundeck 3.0.20-20190408
我的ACL政策
description: Admin, all access.
context:
project: '.*' # all projects
for:
resource:
- allow: '*' # allow read/create all kinds
adhoc:
- allow: '*' # allow read/running/killing adhoc jobs
job:
- allow: '*' # allow read/write/delete/run/kill of all jobs
node:
- allow: '*' # allow read/run for all nodes
by:
group: Cloud Team
---
description: Admin, all access.
context:
application: 'rundeck'
for:
resource:
- allow: '*' # allow create of projects
project:
- allow: '*' # allow view/admin of all projects
project_acl:
- allow: '*' # allow admin of all project-level ACL policies
storage:
- allow: '*' # allow read/create/update/delete for all /keys/* storage content
by:
group: Cloud Team
我在rundeck.access.log中看到这样的错误
Evaluating Decision for: res<type:resource, kind:project> subject<Username:MyNameHere Group:OneOfMyGroups Group:AnotherGroup Group:Cloud Team> action<create> env<rundeck:auth:env:application:run
deck>: authorized: false: No context matches subject or environment => REJECTED_NO_SUBJECT_OR_ENV_FOUND (0ms)