Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

RSS

rbac (5) Versions 1.0.3

Allows delegation of service management to users with Solaris Role Based Access Control (RBAC)

Berkshelf/Librarian
Policyfile
Knife
cookbook 'rbac', '~> 1.0.3'
cookbook 'rbac', '~> 1.0.3', :supermarket
knife cookbook site install rbac
knife cookbook site download rbac
README
Dependencies
Quality

Role based access control

Solaris and Illumos provide sophisticated role-based access control for delegating authorizations within the system. Using RBAC, users can be given permissions to manage and update services without sudo.

This cookbook provides chef with LWRPs to manage RBAC and grant permissions.

At this time this cookbook ONLY manages SMF-related permissions (ie, ability of non-priviliged users to start/stop SMF services), but in the future it may be enhanced to support arbitrary Solaris permissions.

Installation

In order to add the RBAC LWRPs to a chef run, add the following recipe to the run_list:

rbac::default

This will do no work, but will load the providers.

LWRPs

rbac

Defines a set of authorizations that can be applied to SMF services and authorized to users, without actually applying them to users.

Actions: * create (default)

Attributes: * name

Example:

rbac "nginx" do
  action :create
end

This will update the authorizations file at /etc/security/auth_attr with the following lines:

solaris.smf.manage.nginx:::Manage nginx Service States::
solaris.smf.value.nginx:::Change value of nginx Service::

Users who are given these authorizations can change properties of the service as well as change its state (i.e. svcadm disable|enable|restart|clear service

rbac_auth

Adds the rbac definition created by auth to the user name.

Actions: * add (default)

Attributes: * name - for descriptive purposes and to ensure that each LWRP call is uniquely identified in the chef run * user * auth

Example:

rbac_auth "add nginx management permissions to my_user" do
  user "my_user"
  auth "nginx"
end

This adds both manage and value auths to user my_user.

TODO

  • separate manage auth from value auth
  • ability to delete all rbac attributes

Collaborator Number Metric
            

1.0.3 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

1.0.3 failed this metric

FC017: LWRP does not notify when updated: rbac/providers/user.rb:9
FC059: LWRP provider does not declare use_inline_resources: rbac/providers/auth.rb:1
FC059: LWRP provider does not declare use_inline_resources: rbac/providers/default.rb:1
FC059: LWRP provider does not declare use_inline_resources: rbac/providers/user.rb:1
FC064: Ensure issues_url is set in metadata: rbac/metadata.rb:1
FC065: Ensure source_url is set in metadata: rbac/metadata.rb:1
FC066: Ensure chef_version is set in metadata: rbac/metadata.rb:1
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

License Metric
            

1.0.3 passed this metric

No Binaries Metric
            

1.0.3 passed this metric

Publish Metric
            

1.0.3 passed this metric

Supported Platforms Metric
            

1.0.3 passed this metric

Testing File Metric
            

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

1.0.3 passed this metric