At my company we are trying to configure StackStorm to be a tool for normal (non-programmer) coworkers to be able to build workflows using the workflow editor. The idea is we would have us programmers create a pack of actions, rules and sensors of the common tasks a normal user would use.
We would like to simplify the UI as much as possible and only display a single pack for them to drag items from. I cannot seem to make StackStorm ONLY display from the custom pack. It either displays all actions or none.
Here is what I have tried so far.
- I have created a pack using the steps here under “Creating Your First Pack” Create and Contribute a Pack — StackStorm 3.4.0 documentation.
# /opt/stackstorm/packs/twenty20_solutions/pack.yaml ref: twenty20_solution name: Twenty20 Solutions description: Workflow automation toolbox keywords: - twenty20 - solutions version: 0.0.1 python_versions: - "3" author: Twenty20 Solutions email: firstname.lastname@example.org
- I enabled RBAC in the st2.conf
[rbac] enable = True backend = default
- I created a role called the normal role
# /opt/stackstorm/rbac/roles/normal.yaml --- name: "normal" description: "allowed ui workflow editor access" enabled: true permission_grants: # - permission_types: # commented global permissions # - "pack_list" # - "action_list" - resource_uid: "pack:twenty20_solutions" permission_types: - "pack_view" - resource_uid: "action:twenty20_solutions" permission_types: - "action_view"
I created a user called “nock”
I assigned the user nock to the role of normal
# /opt/stackstorm/rbac/assignments/nock.yaml --- username: "nock" description: "trying to get this to work" enabled: true roles: - "normal"
After changes to the role, I run
eric@eric:/etc/st2$ st2-apply-rbac-definitions --config-file=/etc/st2/st2.conf 2021-04-27 17:08:45,323 INFO [-] Connecting to database "st2" @ "127.0.0.1:27017" as user "stackstorm". 2021-04-27 17:08:45,328 INFO [-] Successfully connected to database "st2" @ "127.0.0.1:27017" as user "stackstorm". 2021-04-27 17:08:45,484 INFO [-] Loading role definitions from "/opt/stackstorm/rbac/roles/" 2021-04-27 17:08:45,628 INFO [-] Loading user role assignments from "/opt/stackstorm/rbac/assignments/" 2021-04-27 17:08:45,632 INFO [-] Loading group to role map definitions from "/opt/stackstorm/rbac/mappings/" 2021-04-27 17:08:45,635 INFO [-] Synchronizing roles... 2021-04-27 17:08:45,645 INFO [-] Roles synchronized (0 created, 1 updated, 0 removed) 2021-04-27 17:08:45,645 INFO [-] Synchronizing users role assignments... 2021-04-27 17:08:45,668 INFO [-] User role assignments synchronized 2021-04-27 17:08:45,670 INFO [-] Synchronizing group to role maps... 2021-04-27 17:08:45,672 INFO [-] Group to role map definitions synchronized.
After all this when I login as nock to the UI, all the rules are missing.
When I login as st2admin, I see all the rules from the custom pack.
If I uncomment the global permission in normal.yaml, I will see all the rules from all the packs.
I think the problem is with my normal.yaml role config.
If I add the admin role to nock in /opt/stackstorm/rbac/assignments/nock.yaml, I will see all packs, actions, etc. So I think the user part is set up correctly.
How can I ONLY see actions, sensors and rules that are in the twenty20_solutions pack?