This site is in read only mode. Please continue to browse, but replying, likes, and other actions are disabled for now.

⚠️ We've moved!

Hi there!

To reduce project dependency on 3rd party paid services the StackStorm TSC has decided to move the Q/A from this forum to Github Discussions. This will make user experience better integrated with the native Github flow, as well as the questions closer to the community where they can provide answers.

Use 🔗 Github Discussions to ask your questions.

How can I ONLY see actions, sensors and rules that are in the pack?

At my company we are trying to configure StackStorm to be a tool for normal (non-programmer) coworkers to be able to build workflows using the workflow editor. The idea is we would have us programmers create a pack of actions, rules and sensors of the common tasks a normal user would use.

We would like to simplify the UI as much as possible and only display a single pack for them to drag items from. I cannot seem to make StackStorm ONLY display from the custom pack. It either displays all actions or none.

Here is what I have tried so far.

# /opt/stackstorm/packs/twenty20_solutions/pack.yaml
ref: twenty20_solution
name: Twenty20 Solutions
description: Workflow automation toolbox
keywords:
- twenty20
- solutions
version: 0.0.1
python_versions:
- "3"
author: Twenty20 Solutions
email: [email protected]
  • I enabled RBAC in the st2.conf
[rbac]
enable = True
backend = default
  • I created a role called the normal role
# /opt/stackstorm/rbac/roles/normal.yaml
---
name: "normal"
description: "allowed ui workflow editor access"
enabled: true
permission_grants:
# - permission_types: # commented global permissions
# - "pack_list"
# - "action_list"
- resource_uid: "pack:twenty20_solutions"
permission_types:
- "pack_view"
- resource_uid: "action:twenty20_solutions"
permission_types:
- "action_view"
  • I created a user called “nock”

  • I assigned the user nock to the role of normal

# /opt/stackstorm/rbac/assignments/nock.yaml
---
username: "nock"
description: "trying to get this to work"
enabled: true
roles:
- "normal"

After changes to the role, I run st2-apply-rbac-definitions --config-file=/etc/st2/st2.conf

eric@eric:/etc/st2$ st2-apply-rbac-definitions --config-file=/etc/st2/st2.conf
2021-04-27 17:08:45,323 INFO [-] Connecting to database "st2" @ "127.0.0.1:27017" as user "stackstorm".
2021-04-27 17:08:45,328 INFO [-] Successfully connected to database "st2" @ "127.0.0.1:27017" as user "stackstorm".
2021-04-27 17:08:45,484 INFO [-] Loading role definitions from "/opt/stackstorm/rbac/roles/"
2021-04-27 17:08:45,628 INFO [-] Loading user role assignments from "/opt/stackstorm/rbac/assignments/"
2021-04-27 17:08:45,632 INFO [-] Loading group to role map definitions from "/opt/stackstorm/rbac/mappings/"
2021-04-27 17:08:45,635 INFO [-] Synchronizing roles...
2021-04-27 17:08:45,645 INFO [-] Roles synchronized (0 created, 1 updated, 0 removed)
2021-04-27 17:08:45,645 INFO [-] Synchronizing users role assignments...
2021-04-27 17:08:45,668 INFO [-] User role assignments synchronized
2021-04-27 17:08:45,670 INFO [-] Synchronizing group to role maps...
2021-04-27 17:08:45,672 INFO [-] Group to role map definitions synchronized.

After all this when I login as nock to the UI, all the rules are missing.

When I login as st2admin, I see all the rules from the custom pack.

If I uncomment the global permission in normal.yaml, I will see all the rules from all the packs.

I think the problem is with my normal.yaml role config.

If I add the admin role to nock in /opt/stackstorm/rbac/assignments/nock.yaml, I will see all packs, actions, etc. So I think the user part is set up correctly.

How can I ONLY see actions, sensors and rules that are in the twenty20_solutions pack?

Has anyone looked into this?