Pierre-Yves Gillier

Rundeck ACLs

By Pierre-Yves Gillier in , , ,
Rundeck ACLs

Rundeck doc on ACLs is... unsufficient. And as stated before, I needed to grant execution of jobs to a dedicated group but without other rights.

Adding this file to your rundeck setup will grant all users belonging to deploy group execution of all jobs in all projects.

description: Application access.
context:
  application: rundeck
for:
  project:
  - allow: read

by:
  group: [deploy]

---
description : global project config for running jobs on nodes.
context:
  project: '.*'
for:
  resource:
    - equals:
        kind: 'event'
      allow: read
    - equals:
        kind: 'node'
      allow: [read, refresh, run] # allow refresh node sources (dynamic nodes resources)
  job:
  - allow: [read, run, kill]
  node:
  - allow: [read, run]
by:
  group: [deploy]
Share: LinkedIn Bluesky Facebook
Pierre-Yves Gillier's Picture

About Pierre-Yves Gillier

Pierre-Yves is deploying his talents for AWS as a Solutions Architect
Angers, France https://pygillier.me/

Comments