@Mierdin
Last active September 8, 2017 23:40
(virtualenv)vagrant@st2dev:~/st2$ st2 whoami
Currently logged in as st2admin
(virtualenv)vagrant@st2dev:~/st2$ st2 role list
ERROR: 403 Client Error: Forbidden
MESSAGE: Administrator access required for url: http://127.0.0.1:9101/v1/rbac/roles
(virtualenv)vagrant@st2dev:~/st2$ cat /opt/stackstorm/rbac/roles/inquiry_role.yaml
---
name: "inquiry_role"
description: "inquiry role"
enabled: true
permission_grants:
  - resource_uid: "inquiry:ask"
    permission_types:
      - "inquiry_respond"
      - "inquiry_view"
(virtualenv)vagrant@st2dev:~/st2$ st2common/bin/st2-apply-rbac-definitions --config-file=/home/vagrant/st2/conf/st2.dev.conf
2017-09-05 23:35:33,699 INFO [-] Connecting to database "st2" @ "127.0.0.1:27017" as user "None".
2017-09-05 23:35:33,878 INFO [-] Loading role definitions from "/opt/stackstorm/rbac/roles/"
2017-09-05 23:35:33,950 INFO [-] Loading user role assignments from "/opt/stackstorm/rbac/assignments/"
2017-09-05 23:35:33,953 INFO [-] Loading group to role map definitions from "/opt/stackstorm/rbac/mappings/"
2017-09-05 23:35:33,953 INFO [-] Synchronizing roles...
2017-09-05 23:35:33,960 INFO [-] Roles synchronized (1 created, 0 updated, 0 removed)
2017-09-05 23:35:33,960 INFO [-] Synchronizing users role assignments...
2017-09-05 23:35:33,966 INFO [-] User role assignments synchronized
2017-09-05 23:35:33,966 INFO [-] Synchronizing group to role maps...
2017-09-05 23:35:33,967 INFO [-] Group to role map definitions synchronized.
(virtualenv)vagrant@st2dev:~/st2$ st2 role list
+--------------------------+--------------+--------+--------------+
| id                       | name         | system | description  |
+--------------------------+--------------+--------+--------------+
| 59af34bb32ed3553ec5a082e | admin        | True   | admin        |
| 59af34c532ed355497e9a366 | inquiry_role | False  | inquiry role |
| 59af34bb32ed3553ec5a082f | observer     | True   | observer     |
| 59af34bb32ed3553ec5a0830 | system_admin | True   | system_admin |
+--------------------------+--------------+--------+--------------+
(virtualenv)vagrant@st2dev:~/st2$ st2 role-assignment list
+--------------------------+-------+----------+-----------+-------------+
| id                       | role  | user     | is_remote | description |
+--------------------------+-------+----------+-----------+-------------+
| 59af34c532ed355497e9a368 | admin | st2admin | False     |             |
+--------------------------+-------+----------+-----------+-------------+
(virtualenv)vagrant@st2dev:~/st2$ cat /opt/stackstorm/packs/examples/actions/workflows/mistral-ask-basic.yaml
version: '2.0'
examples.mistral-ask-basic:
  description: A basic Mistral workflow illustrating the use of Inquiries
  type: direct
  output:
    result: <% task(task1).result.response %>
  tasks:
    task1:
      action: core.ask
      input:
        tag: developers
        users:
          - iuser
        schema:
          required:
            - continue
          type: object
          properties:
            continue:
              type: boolean
              description: Should we continue?
      on-complete:
        - task2
    task2:
      action: core.local
      input:
        cmd: date
(virtualenv)vagrant@st2dev:~/st2$ st2 run examples.mistral-ask-basic
.
id: 59af34c832ed355431abf39a
action.ref: examples.mistral-ask-basic
parameters: None
status: pausing
start_timestamp: 2017-09-05T23:35:36.196752Z
end_timestamp: None
+--------------------------+---------+-------+----------+-------------------------------+
| id                       | status  | task  | action   | start_timestamp               |
+--------------------------+---------+-------+----------+-------------------------------+
| 59af34c832ed355431abf39d | pending | task1 | core.ask | Tue, 05 Sep 2017 23:35:36 UTC |
+--------------------------+---------+-------+----------+-------------------------------+
(virtualenv)vagrant@st2dev:~/st2$ st2 login iuser --password=testp
Logged in as iuser
Note: You didn't use --write-password option so the password hasn't been stored in the client config and you will need to login again in 24 hours when the auth token expires.
As an alternative, you can run st2 login command with the "--write-password" flag, but keep it mind this will cause it to store the password in plain-text in the client config file (~/.st2/config).
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry list
+--------------------------+-------+-------+------------+------+
| id                       | roles | users | tag        | ttl  |
+--------------------------+-------+-------+------------+------+
| 59af34c832ed355431abf39d |       | iuser | developers | 1440 |
+--------------------------+-------+-------+------------+------+
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry get $(st2 inquiry list | grep developers | awk '{print $2}')
Traceback (most recent call last):
  File "/home/vagrant/st2/st2client/st2client/commands/resource.py", line 162, in get_resource_by_pk
    instance = self.manager.get_by_id(pk, **kwargs)
  File "/home/vagrant/st2/st2client/st2client/models/core.py", line 39, in decorate
    return func(*args, **kwargs)
  File "/home/vagrant/st2/st2client/st2client/models/core.py", line 204, in get_by_id
    self.handle_error(response)
  File "/home/vagrant/st2/st2client/st2client/models/core.py", line 165, in handle_error
    response.raise_for_status()
  File "/home/vagrant/st2/virtualenv/local/lib/python2.7/site-packages/requests/models.py", line 928, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
HTTPError: 403 Client Error: Forbidden
MESSAGE: User "iuser" doesn't have required permission "inquiry_view" on resource "execution:59af34c832ed355431abf39d" for url: http://127.0.0.1:9101/exp/inquiries/59af34c832ed355431abf39d
Inquiry "59af34c832ed355431abf39d" is not found.
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry respond $(st2 inquiry list | grep developers | awk '{print $2}') '{"continue": true}'
ERROR: 403 Client Error: Forbidden
MESSAGE: User "iuser" doesn't have required permission "inquiry_respond" on resource "execution:59af34c832ed355431abf39d" for url: http://127.0.0.1:9101/exp/inquiries/59af34c832ed355431abf39d
(virtualenv)vagrant@st2dev:~/st2$ sudo mv /opt/stackstorm/rbac/inquiry_assignment.yaml /opt/stackstorm/rbac/assignments/
(virtualenv)vagrant@st2dev:~/st2$ cat /opt/stackstorm/rbac/assignments/inquiry_assignment.yaml
---
username: "iuser"
roles:
- "inquiry_role"
(virtualenv)vagrant@st2dev:~/st2$ st2common/bin/st2-apply-rbac-definitions --config-file=/home/vagrant/st2/conf/st2.dev.conf
2017-09-05 23:35:43,052 INFO [-] Connecting to database "st2" @ "127.0.0.1:27017" as user "None".
2017-09-05 23:35:43,219 INFO [-] Loading role definitions from "/opt/stackstorm/rbac/roles/"
2017-09-05 23:35:43,292 INFO [-] Loading user role assignments from "/opt/stackstorm/rbac/assignments/"
2017-09-05 23:35:43,295 INFO [-] Loading group to role map definitions from "/opt/stackstorm/rbac/mappings/"
2017-09-05 23:35:43,295 INFO [-] Synchronizing roles...
2017-09-05 23:35:43,301 INFO [-] Roles synchronized (0 created, 1 updated, 0 removed)
2017-09-05 23:35:43,302 INFO [-] Synchronizing users role assignments...
2017-09-05 23:35:43,310 INFO [-] User role assignments synchronized
2017-09-05 23:35:43,310 INFO [-] Synchronizing group to role maps...
2017-09-05 23:35:43,311 INFO [-] Group to role map definitions synchronized.
(virtualenv)vagrant@st2dev:~/st2$ st2 login st2admin --password=testp
Logged in as st2admin
Note: You didn't use --write-password option so the password hasn't been stored in the client config and you will need to login again in 24 hours when the auth token expires.
As an alternative, you can run st2 login command with the "--write-password" flag, but keep it mind this will cause it to store the password in plain-text in the client config file (~/.st2/config).
(virtualenv)vagrant@st2dev:~/st2$ st2 role-assignment list
+--------------------------+--------------+----------+-----------+-------------+
| id                       | role         | user     | is_remote | description |
+--------------------------+--------------+----------+-----------+-------------+
| 59af34cf32ed3554f5ede2e0 | admin        | st2admin | False     |             |
| 59af34cf32ed3554f5ede2e1 | inquiry_role | iuser    | False     |             |
+--------------------------+--------------+----------+-----------+-------------+
(virtualenv)vagrant@st2dev:~/st2$ st2 login iuser --password=testp
Logged in as iuser
Note: You didn't use --write-password option so the password hasn't been stored in the client config and you will need to login again in 24 hours when the auth token expires.
As an alternative, you can run st2 login command with the "--write-password" flag, but keep it mind this will cause it to store the password in plain-text in the client config file (~/.st2/config).
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry get $(st2 inquiry list | grep developers | awk '{print $2}')
+----------+--------------------------------------------------+
| Property | Value                                            |
+----------+--------------------------------------------------+
| id       | 59af34c832ed355431abf39d                         |
| roles    |                                                  |
| users    | [                                                |
|          |     "iuser"                                      |
|          | ]                                                |
| tag      | developers                                       |
| ttl      | 1440                                             |
| schema   | {                                                |
|          |     "required": [                                |
|          |         "continue"                               |
|          |     ],                                           |
|          |     "type": "object",                            |
|          |     "properties": {                              |
|          |         "continue": {                            |
|          |             "type": "boolean",                   |
|          |             "description": "Should we continue?" |
|          |         }                                        |
|          |     }                                            |
|          | }                                                |
+----------+--------------------------------------------------+
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry respond $(st2 inquiry list | grep developers | awk '{print $2}') '{"continue": true}'
+----------+--------------------------+
| Property | Value                    |
+----------+--------------------------+
| id       | 59af34c832ed355431abf39d |
| response | {                        |
|          |     "continue": true     |
|          | }                        |
+----------+--------------------------+
#####################################
### SUMMARY OF COMMANDS TO FOLLOW ###
#####################################
sudo mv /opt/stackstorm/rbac/assignments/inquiry_assignment.yaml /opt/stackstorm/rbac/
tools/launchdev.sh stop && tools/launchdev.sh startclean -m -x && python st2client/setup.py install > /dev/null
st2 login st2admin --password=testp
clear
st2 whoami
st2 role list
cat /opt/stackstorm/rbac/roles/inquiry_role.yaml
st2common/bin/st2-apply-rbac-definitions --config-file=/home/vagrant/st2/conf/st2.dev.conf
st2 role list
st2 role-assignment list
cat /opt/stackstorm/packs/examples/actions/workflows/mistral-ask-basic.yaml
st2 run examples.mistral-ask-basic
st2 login iuser --password=testp
st2 inquiry list
st2 inquiry get $(st2 inquiry list | grep developers | awk '{print $2}')
st2 inquiry respond $(st2 inquiry list | grep developers | awk '{print $2}') '{"continue": true}'
sudo mv /opt/stackstorm/rbac/inquiry_assignment.yaml /opt/stackstorm/rbac/assignments/
cat /opt/stackstorm/rbac/assignments/inquiry_assignment.yaml
st2common/bin/st2-apply-rbac-definitions --config-file=/home/vagrant/st2/conf/st2.dev.conf
st2 login st2admin --password=testp
st2 role-assignment list
st2 login iuser --password=testp
st2 inquiry get $(st2 inquiry list | grep developers | awk '{print $2}')
st2 inquiry respond $(st2 inquiry list | grep developers | awk '{print $2}') '{"continue": true}'