kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity
chef/cookbooks/rbac/metadata.json
Greg Karékinian bdfb3a1afb Downgrade mysql cookbook for now 
It doesn't play well with our current dev server setup
2017-06-16 22:44:57 +02:00

43 lines
2.5 KiB
JSON
Raw Blame History

{
"name": "rbac",
"description": "Allows delegation of service management to users with Solaris Role Based Access Control (RBAC)",
"long_description": "Role based access control\n=========================\n\nSolaris and Illumos provide sophisticated role-based access control for\ndelegating authorizations within the system. Using RBAC, users can be\ngiven permissions to manage and update services without sudo.\n\nThis cookbook provides chef with LWRPs to manage RBAC and grant permissions.\n\nAt this time this cookbook ONLY manages SMF-related permissions (ie, ability\nof non-priviliged users to start/stop SMF services), but in the future it may\nbe enhanced to support arbitrary Solaris permissions.\n\n## Installation\n\nIn order to add the RBAC LWRPs to a chef run, add the following recipe \nto the run_list:\n\n rbac::default\n\nThis will do no work, but will load the providers.\n\n## LWRPs\n\n### rbac\n\nDefines a set of authorizations that can be applied to SMF services and\nauthorized to users, without actually applying them to users.\n\nActions:\n * create (default)\n\nAttributes:\n * name\n\nExample:\n\n```ruby\nrbac \"nginx\" do\n action :create\nend\n```\n\nThis will update the authorizations file at `/etc/security/auth_attr`\nwith the following lines:\n\n```\nsolaris.smf.manage.nginx:::Manage nginx Service States::\nsolaris.smf.value.nginx:::Change value of nginx Service::\n```\n\nUsers who are given these authorizations can change properties of the\nservice as well as change its state (i.e. `svcadm disable|enable|restart|clear service`\n\n### rbac_auth\n\nAdds the rbac definition created by `auth` to the user `name`.\n\nActions:\n * add (default)\n\nAttributes:\n * name - for descriptive purposes and to ensure that each LWRP call is uniquely\n identified in the chef run\n * user\n * auth\n\nExample:\n\n```ruby\nrbac_auth \"add nginx management permissions to my_user\" do\n user \"my_user\"\n auth \"nginx\"\nend\n```\n\nThis adds both manage and value auths to user `my_user`.\n\n## TODO\n\n* separate manage auth from value auth\n* ability to delete all rbac attributes\n",
"maintainer": "Eric Saxby",
"maintainer_email": "sax@livinginthepast.org",
"license": "MIT",
"platforms": {
"solaris2": ">= 0.0.0",
"smartos": ">= 0.0.0"
},
"dependencies": {
},
"recommendations": {
},
"suggestions": {
},
"conflicting": {
},
"providing": {
},
"replacing": {
},
"attributes": {
},
"groupings": {
},
"recipes": {
},
"version": "1.0.3",
"source_url": "",
"issues_url": ""
}
Reference in New Issue View Git Blame Copy Permalink