How can I ONLY see actions, sensors and rules that are in the pack?

At my company we are trying to configure StackStorm to be a tool for normal (non-programmer) coworkers to be able to build workflows using the workflow editor. The idea is we would have us programmers create a pack of actions, rules and sensors of the common tasks a normal user would use.

We would like to simplify the UI as much as possible and only display a single pack for them to drag items from. I cannot seem to make StackStorm ONLY display from the custom pack. It either displays all actions or none.

Here is what I have tried so far.

# /opt/stackstorm/packs/twenty20_solutions/pack.yaml
ref: twenty20_solution
name: Twenty20 Solutions
description: Workflow automation toolbox
keywords:
- twenty20
- solutions
version: 0.0.1
python_versions:
- "3"
author: Twenty20 Solutions
email: test@test.com
  • I enabled RBAC in the st2.conf
[rbac]
enable = True
backend = default
  • I created a role called the normal role
# /opt/stackstorm/rbac/roles/normal.yaml
---
name: "normal"
description: "allowed ui workflow editor access"
enabled: true
permission_grants:
# - permission_types: # commented global permissions
# - "pack_list"
# - "action_list"
- resource_uid: "pack:twenty20_solutions"
permission_types:
- "pack_view"
- resource_uid: "action:twenty20_solutions"
permission_types:
- "action_view"
  • I created a user called “nock”

  • I assigned the user nock to the role of normal

# /opt/stackstorm/rbac/assignments/nock.yaml
---
username: "nock"
description: "trying to get this to work"
enabled: true
roles:
- "normal"

After changes to the role, I run st2-apply-rbac-definitions --config-file=/etc/st2/st2.conf

eric@eric:/etc/st2$ st2-apply-rbac-definitions --config-file=/etc/st2/st2.conf
2021-04-27 17:08:45,323 INFO [-] Connecting to database "st2" @ "127.0.0.1:27017" as user "stackstorm".
2021-04-27 17:08:45,328 INFO [-] Successfully connected to database "st2" @ "127.0.0.1:27017" as user "stackstorm".
2021-04-27 17:08:45,484 INFO [-] Loading role definitions from "/opt/stackstorm/rbac/roles/"
2021-04-27 17:08:45,628 INFO [-] Loading user role assignments from "/opt/stackstorm/rbac/assignments/"
2021-04-27 17:08:45,632 INFO [-] Loading group to role map definitions from "/opt/stackstorm/rbac/mappings/"
2021-04-27 17:08:45,635 INFO [-] Synchronizing roles...
2021-04-27 17:08:45,645 INFO [-] Roles synchronized (0 created, 1 updated, 0 removed)
2021-04-27 17:08:45,645 INFO [-] Synchronizing users role assignments...
2021-04-27 17:08:45,668 INFO [-] User role assignments synchronized
2021-04-27 17:08:45,670 INFO [-] Synchronizing group to role maps...
2021-04-27 17:08:45,672 INFO [-] Group to role map definitions synchronized.

After all this when I login as nock to the UI, all the rules are missing.

When I login as st2admin, I see all the rules from the custom pack.

If I uncomment the global permission in normal.yaml, I will see all the rules from all the packs.

I think the problem is with my normal.yaml role config.

If I add the admin role to nock in /opt/stackstorm/rbac/assignments/nock.yaml, I will see all packs, actions, etc. So I think the user part is set up correctly.

How can I ONLY see actions, sensors and rules that are in the twenty20_solutions pack?

Has anyone looked into this?