Creating an ordinary API token in Rundeck

**Add the user to the realm.properties configuration file**

```
apiforhades: MD5:xxxxxx,user,api_token_group
```

**Add the ACL policy files under etc**

**vim apiforhades.aclpolicy**
```yaml
description: Admin, all access.
context:
  project: '.*' # all projects
for:
  resource:
    - equals:
        kind: job
      allow: [read,run,kill] # read, run and kill on resources of kind job
    - equals:
        kind: node
      allow: [run] # run on resources of kind node
    - equals:
        kind: event
      allow: [read] # read events
  adhoc:
    - deny: '*' # deny all adhoc actions
  job:
    - allow: [read,run] # read and run for all jobs
  node:
    - allow: '*' # all actions on all nodes
by:
  username: apiforhades
---
description: Admin, all access.
context:
  application: 'rundeck'
for:
  resource:
    - allow: '*' # all actions on every application-level resource kind
  project:
    - allow: [read,configure] # read and configure for all projects
  storage:
    - allow: 'read' # read-only access to storage content
by:
  username: apiforhades
```
**vim apitoken.aclpolicy**

```yaml
description: API project level access control
context:
  project: '.*' # all projects
for:
  resource:
    - equals:
        kind: job
      allow: [read] # read on resources of kind job
    - equals:
        kind: node
      allow: [run] # run on resources of kind node
    - equals:
        kind: event
      allow: [read] # read events
  adhoc:
    - deny: '*' # deny all adhoc actions
  job:
    - allow: [read] # read-only for all jobs
  node:
    - allow: [run] # run on all nodes
by:
  group: api_token_group
---
description: API Application level access control
context:
  application: 'rundeck'
for:
  resource:
    - equals:
        kind: system
      allow: [read] # allow read of system info
  project:
    - match:
        name: '.*'
      allow: [read] # allow view of all projects
  storage:
    - match:
        path: '(keys|keys/.*)'
      allow: '*' # allow all access to manage stored keys
by:
  group: api_token_group
```
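
An added example, not part of the original post: a stdlib-only Python check that lists every rule granting `allow: '*'` in policy files like the two above, together with its context and subject, so that wildcard grants on a supposedly limited API account are easy to review. It assumes two-space YAML indentation; the function name `wildcard_grants` and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: the application-scope document of apiforhades.aclpolicy.
SAMPLE = """\
description: Admin, all access.
context:
  application: 'rundeck'
for:
  resource:
    - allow: '*'
  project:
    - allow: [read,configure]
  storage:
    - allow: 'read'
by:
  username: apiforhades
"""

def wildcard_grants(text):
    """Return (context, resource_type, subject) for each rule with allow: '*'."""
    findings = []
    for doc in re.split(r"^---[ \t]*$", text, flags=re.M):
        section = context = subject = rtype = None
        hits = []
        for raw in doc.splitlines():
            line = raw.split(" #")[0].rstrip()      # drop trailing comment
            if not line.strip():
                continue
            top = re.match(r"(\w+):", line)         # column-0 key: context/for/by
            if top:
                section = top.group(1)
                continue
            key, _, value = line.strip().lstrip("- ").partition(":")
            value = value.strip().strip("'\"")
            if section == "context":
                context = f"{key}={value}"
            elif section == "by":
                subject = f"{key}={value}"
            elif section == "for" and re.fullmatch(r"  \w+:", line):
                rtype = key                         # two-space indent: resource type
            elif section == "for" and key == "allow" and value == "*":
                hits.append(rtype)
        # 'by' follows 'for', so the subject is only known at the end of the document
        findings += [(context, r, subject) for r in hits]
    return findings

if __name__ == "__main__":
    for finding in wildcard_grants(SAMPLE):
        print("wildcard allow:", finding)
```
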

Reposted from: https://blog.51cto.com/sry2004/2059953