3 Replies Latest reply on Mar 17, 2014 5:53 AM by Thomas Segismont

    Dynagroups, Resources for Authorization, Targets for Deployment

    ehle Newbie

      Hello,

       

      I'm trying to figure out how to organize dynagroups and roles so that:

       

      DynaGroup Definitions auto create resource "group" for each Developement JBoss instance, AND any users with new "Developers" Role can deploy bundles to these targets.

       

      I can create a dynagroup of "all the dev instances" like so:

      ALL EAP6 Dev Instances

      resource.type.plugin = JBossAS7

      resource.type.category = SERVER

      resource.parent.type.category = PLATFORM

      groupby resource.pluginConfiguration[productType]

      groupby resource.type.name

      resource.parent.trait[Trait.hostname].contains = -dev

       

      Recursive - yes

      Recalculate 10

      I can add that group to the list of resources my developer role's privileges apply to, but it doesn't produce drop list entries if a developer wants to create a bundle deploy destination for  a specific instance instead of all of them.

       

      I can auto-create unique instances "groups: for each dev system with something like this...

      JBoss Dev:

      resource.type.plugin = JBossAS7

      resource.type.category = SERVER

      resource.parent.type.category = PLATFORM

      groupby resource.type.name

      groupby resource.parent.name

      resource.parent.trait[Trait.hostname].contains = -dev

       

      Recursive -Yes

      Recalculate 10

       

      But I would then need to add each dynamically created group to the list of resources my developer role's privileges apply to, and remember to update it each time a new instance is discovered.  I don't seem to be able to add the parent dynagroup that creates them as a resource, and adding the "ALL EAP6 Dev Instances" resource to the the role, doesn't seem to let a member of the developer role see the "JBoss Dev" child groups in the destination drop down list or give the rights to deploy to them.

       

      So is there a way I can have my cake and eat it too?  I want the role to automatically have commit access to all the resource  groups that my "JBoss Dev" Dynamic Group definition creates, both in aggregate and individually.  I feel like there should be a way to treat a "group of groups" as a role based security

       

      Same question for working with Platforms - How do I give developer role access to all the groups created by:

      Platform JBoss Dev

      resource.trait[Trait.hostname].contains = -dev

      resource.child.type.name = JBossAS7 Standalone Server

      groupby resource.name

       

      Recursive - Yes

      Recalculate interval 10

       

      Any ideals or help would be much appreciated.

      Thanks!

       

      David.