cookbook 'rbac', '~> 1.0.3'
rbac (5) Versions 1.0.3 Follow6
Allows delegation of service management to users with Solaris Role Based Access Control (RBAC)
cookbook 'rbac', '~> 1.0.3', :supermarket
knife supermarket install rbac
knife supermarket download rbac
Role based access control
Solaris and Illumos provide sophisticated role-based access control for
delegating authorizations within the system. Using RBAC, users can be
given permissions to manage and update services without sudo.
This cookbook provides chef with LWRPs to manage RBAC and grant permissions.
At this time this cookbook ONLY manages SMF-related permissions (ie, ability
of non-priviliged users to start/stop SMF services), but in the future it may
be enhanced to support arbitrary Solaris permissions.
Installation
In order to add the RBAC LWRPs to a chef run, add the following recipe
to the run_list:
rbac::default
This will do no work, but will load the providers.
LWRPs
rbac
Defines a set of authorizations that can be applied to SMF services and
authorized to users, without actually applying them to users.
Actions:
* create (default)
Attributes:
* name
Example:
rbac "nginx" do action :create end
This will update the authorizations file at /etc/security/auth_attr
with the following lines:
solaris.smf.manage.nginx:::Manage nginx Service States::
solaris.smf.value.nginx:::Change value of nginx Service::
Users who are given these authorizations can change properties of the
service as well as change its state (i.e. svcadm disable|enable|restart|clear service
rbac_auth
Adds the rbac definition created by auth
to the user name
.
Actions:
* add (default)
Attributes:
* name - for descriptive purposes and to ensure that each LWRP call is uniquely
identified in the chef run
* user
* auth
Example:
rbac_auth "add nginx management permissions to my_user" do user "my_user" auth "nginx" end
This adds both manage and value auths to user my_user
.
TODO
- separate manage auth from value auth
- ability to delete all rbac attributes
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
Collaborator Number Metric
1.0.3 failed this metric
Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.3 failed this metric
FC064: Ensure issues_url is set in metadata: rbac/metadata.rb:1
FC065: Ensure source_url is set in metadata: rbac/metadata.rb:1
FC066: Ensure chef_version is set in metadata: rbac/metadata.rb:1
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/auth.rb:17
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/default.rb:9
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/default.rb:26
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.3 passed this metric
Testing File Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.3 passed this metric
1.0.3 failed this metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.3 failed this metric
FC064: Ensure issues_url is set in metadata: rbac/metadata.rb:1
FC065: Ensure source_url is set in metadata: rbac/metadata.rb:1
FC066: Ensure chef_version is set in metadata: rbac/metadata.rb:1
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/auth.rb:17
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/default.rb:9
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/default.rb:26
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.3 passed this metric
Testing File Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.3 passed this metric
1.0.3 failed this metric
FC065: Ensure source_url is set in metadata: rbac/metadata.rb:1
FC066: Ensure chef_version is set in metadata: rbac/metadata.rb:1
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/auth.rb:17
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/default.rb:9
FC085: Resource using new_resource.updated_by_last_action to converge resource: rbac/providers/default.rb:26
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
1.0.3 passed this metric
Testing File Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.3 passed this metric
1.0.3 failed this metric
1.0.3 passed this metric