-
-
Save Mierdin/5cce5ec644a839d0580f4998ec59c991 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(virtualenv)vagrant@st2dev:~/st2$ st2 whoami | |
Currently logged in as st2admin | |
(virtualenv)vagrant@st2dev:~/st2$ st2 role list | |
ERROR: 403 Client Error: Forbidden | |
MESSAGE: Administrator access required for url: http://127.0.0.1:9101/v1/rbac/roles | |
(virtualenv)vagrant@st2dev:~/st2$ cat /opt/stackstorm/rbac/roles/inquiry_role.yaml | |
--- | |
name: "inquiry_role" | |
description: "inquiry role" | |
enabled: true | |
permission_grants: | |
- resource_uid: "inquiry:ask" | |
permission_types: | |
- "inquiry_respond" | |
- "inquiry_view" | |
(virtualenv)vagrant@st2dev:~/st2$ st2common/bin/st2-apply-rbac-definitions --config-file=/home/vagrant/st2/conf/st2.dev.conf | |
2017-09-05 23:35:33,699 INFO [-] Connecting to database "st2" @ "127.0.0.1:27017" as user "None". | |
2017-09-05 23:35:33,878 INFO [-] Loading role definitions from "/opt/stackstorm/rbac/roles/" | |
2017-09-05 23:35:33,950 INFO [-] Loading user role assignments from "/opt/stackstorm/rbac/assignments/" | |
2017-09-05 23:35:33,953 INFO [-] Loading group to role map definitions from "/opt/stackstorm/rbac/mappings/" | |
2017-09-05 23:35:33,953 INFO [-] Synchronizing roles... | |
2017-09-05 23:35:33,960 INFO [-] Roles synchronized (1 created, 0 updated, 0 removed) | |
2017-09-05 23:35:33,960 INFO [-] Synchronizing users role assignments... | |
2017-09-05 23:35:33,966 INFO [-] User role assignments synchronized | |
2017-09-05 23:35:33,966 INFO [-] Synchronizing group to role maps... | |
2017-09-05 23:35:33,967 INFO [-] Group to role map definitions synchronized. | |
(virtualenv)vagrant@st2dev:~/st2$ st2 role list | |
+--------------------------+--------------+--------+--------------+ | |
| id | name | system | description | | |
+--------------------------+--------------+--------+--------------+ | |
| 59af34bb32ed3553ec5a082e | admin | True | admin | | |
| 59af34c532ed355497e9a366 | inquiry_role | False | inquiry role | | |
| 59af34bb32ed3553ec5a082f | observer | True | observer | | |
| 59af34bb32ed3553ec5a0830 | system_admin | True | system_admin | | |
+--------------------------+--------------+--------+--------------+ | |
(virtualenv)vagrant@st2dev:~/st2$ st2 role-assignment list | |
+--------------------------+-------+----------+-----------+-------------+ | |
| id | role | user | is_remote | description | | |
+--------------------------+-------+----------+-----------+-------------+ | |
| 59af34c532ed355497e9a368 | admin | st2admin | False | | | |
+--------------------------+-------+----------+-----------+-------------+ | |
(virtualenv)vagrant@st2dev:~/st2$ cat /opt/stackstorm/packs/examples/actions/workflows/mistral-ask-basic.yaml | |
version: '2.0' | |
examples.mistral-ask-basic: | |
description: A basic Mistral workflow illustrating the use of Inquiries | |
type: direct | |
output: | |
result: <% task(task1).result.response %> | |
tasks: | |
task1: | |
action: core.ask | |
input: | |
tag: developers | |
users: | |
- iuser | |
schema: | |
required: | |
- continue | |
type: object | |
properties: | |
continue: | |
type: boolean | |
description: Should we continue? | |
on-complete: | |
- task2 | |
task2: | |
action: core.local | |
input: | |
cmd: date | |
(virtualenv)vagrant@st2dev:~/st2$ st2 run examples.mistral-ask-basic | |
. | |
id: 59af34c832ed355431abf39a | |
action.ref: examples.mistral-ask-basic | |
parameters: None | |
status: pausing | |
start_timestamp: 2017-09-05T23:35:36.196752Z | |
end_timestamp: None | |
+--------------------------+---------+-------+----------+-------------------------------+ | |
| id | status | task | action | start_timestamp | | |
+--------------------------+---------+-------+----------+-------------------------------+ | |
| 59af34c832ed355431abf39d | pending | task1 | core.ask | Tue, 05 Sep 2017 23:35:36 UTC | | |
+--------------------------+---------+-------+----------+-------------------------------+ | |
(virtualenv)vagrant@st2dev:~/st2$ st2 login iuser --password=testp | |
Logged in as iuser | |
Note: You didn't use --write-password option so the password hasn't been stored in the client config and you will need to login again in 24 hours when the auth token expires. | |
As an alternative, you can run st2 login command with the "--write-password" flag, but keep it mind this will cause it to store the password in plain-text in the client config file (~/.st2/config). | |
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry list | |
+--------------------------+-------+-------+------------+------+ | |
| id | roles | users | tag | ttl | | |
+--------------------------+-------+-------+------------+------+ | |
| 59af34c832ed355431abf39d | | iuser | developers | 1440 | | |
+--------------------------+-------+-------+------------+------+ | |
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry get $(st2 inquiry list | grep developers | awk '{print $2}') | |
Traceback (most recent call last): | |
File "/home/vagrant/st2/st2client/st2client/commands/resource.py", line 162, in get_resource_by_pk | |
instance = self.manager.get_by_id(pk, **kwargs) | |
File "/home/vagrant/st2/st2client/st2client/models/core.py", line 39, in decorate | |
return func(*args, **kwargs) | |
File "/home/vagrant/st2/st2client/st2client/models/core.py", line 204, in get_by_id | |
self.handle_error(response) | |
File "/home/vagrant/st2/st2client/st2client/models/core.py", line 165, in handle_error | |
response.raise_for_status() | |
File "/home/vagrant/st2/virtualenv/local/lib/python2.7/site-packages/requests/models.py", line 928, in raise_for_status | |
raise HTTPError(http_error_msg, response=self) | |
HTTPError: 403 Client Error: Forbidden | |
MESSAGE: User "iuser" doesn't have required permission "inquiry_view" on resource "execution:59af34c832ed355431abf39d" for url: http://127.0.0.1:9101/exp/inquiries/59af34c832ed355431abf39d | |
Inquiry "59af34c832ed355431abf39d" is not found. | |
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry respond $(st2 inquiry list | grep developers | awk '{print $2}') '{"continue": true}' | |
ERROR: 403 Client Error: Forbidden | |
MESSAGE: User "iuser" doesn't have required permission "inquiry_respond" on resource "execution:59af34c832ed355431abf39d" for url: http://127.0.0.1:9101/exp/inquiries/59af34c832ed355431abf39d | |
(virtualenv)vagrant@st2dev:~/st2$ sudo mv /opt/stackstorm/rbac/inquiry_assignment.yaml /opt/stackstorm/rbac/assignments/ | |
(virtualenv)vagrant@st2dev:~/st2$ cat /opt/stackstorm/rbac/assignments/inquiry_assignment.yaml | |
--- | |
username: "iuser" | |
roles: | |
- "inquiry_role" | |
(virtualenv)vagrant@st2dev:~/st2$ st2common/bin/st2-apply-rbac-definitions --config-file=/home/vagrant/st2/conf/st2.dev.conf | |
2017-09-05 23:35:43,052 INFO [-] Connecting to database "st2" @ "127.0.0.1:27017" as user "None". | |
2017-09-05 23:35:43,219 INFO [-] Loading role definitions from "/opt/stackstorm/rbac/roles/" | |
2017-09-05 23:35:43,292 INFO [-] Loading user role assignments from "/opt/stackstorm/rbac/assignments/" | |
2017-09-05 23:35:43,295 INFO [-] Loading group to role map definitions from "/opt/stackstorm/rbac/mappings/" | |
2017-09-05 23:35:43,295 INFO [-] Synchronizing roles... | |
2017-09-05 23:35:43,301 INFO [-] Roles synchronized (0 created, 1 updated, 0 removed) | |
2017-09-05 23:35:43,302 INFO [-] Synchronizing users role assignments... | |
2017-09-05 23:35:43,310 INFO [-] User role assignments synchronized | |
2017-09-05 23:35:43,310 INFO [-] Synchronizing group to role maps... | |
2017-09-05 23:35:43,311 INFO [-] Group to role map definitions synchronized. | |
(virtualenv)vagrant@st2dev:~/st2$ st2 login st2admin --password=testp | |
Logged in as st2admin | |
Note: You didn't use --write-password option so the password hasn't been stored in the client config and you will need to login again in 24 hours when the auth token expires. | |
As an alternative, you can run st2 login command with the "--write-password" flag, but keep it mind this will cause it to store the password in plain-text in the client config file (~/.st2/config). | |
(virtualenv)vagrant@st2dev:~/st2$ st2 role-assignment list | |
+--------------------------+--------------+----------+-----------+-------------+ | |
| id | role | user | is_remote | description | | |
+--------------------------+--------------+----------+-----------+-------------+ | |
| 59af34cf32ed3554f5ede2e0 | admin | st2admin | False | | | |
| 59af34cf32ed3554f5ede2e1 | inquiry_role | iuser | False | | | |
+--------------------------+--------------+----------+-----------+-------------+ | |
(virtualenv)vagrant@st2dev:~/st2$ st2 login iuser --password=testp | |
Logged in as iuser | |
Note: You didn't use --write-password option so the password hasn't been stored in the client config and you will need to login again in 24 hours when the auth token expires. | |
As an alternative, you can run st2 login command with the "--write-password" flag, but keep it mind this will cause it to store the password in plain-text in the client config file (~/.st2/config). | |
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry get $(st2 inquiry list | grep developers | awk '{print $2}') | |
+----------+--------------------------------------------------+ | |
| Property | Value | | |
+----------+--------------------------------------------------+ | |
| id | 59af34c832ed355431abf39d | | |
| roles | | | |
| users | [ | | |
| | "iuser" | | |
| | ] | | |
| tag | developers | | |
| ttl | 1440 | | |
| schema | { | | |
| | "required": [ | | |
| | "continue" | | |
| | ], | | |
| | "type": "object", | | |
| | "properties": { | | |
| | "continue": { | | |
| | "type": "boolean", | | |
| | "description": "Should we continue?" | | |
| | } | | |
| | } | | |
| | } | | |
+----------+--------------------------------------------------+ | |
(virtualenv)vagrant@st2dev:~/st2$ st2 inquiry respond $(st2 inquiry list | grep developers | awk '{print $2}') '{"continue": true}' | |
+----------+--------------------------+ | |
| Property | Value | | |
+----------+--------------------------+ | |
| id | 59af34c832ed355431abf39d | | |
| response | { | | |
| | "continue": true | | |
| | } | | |
+----------+--------------------------+ | |
##################################### | |
### SUMMARY OF COMMANDS TO FOLLOW ### | |
##################################### | |
sudo mv /opt/stackstorm/rbac/assignments/inquiry_assignment.yaml /opt/stackstorm/rbac/ | |
tools/launchdev.sh stop && tools/launchdev.sh startclean -m -x && python st2client/setup.py install > /dev/null | |
st2 login st2admin --password=testp | |
clear | |
st2 whoami | |
st2 role list | |
cat /opt/stackstorm/rbac/roles/inquiry_role.yaml | |
st2common/bin/st2-apply-rbac-definitions --config-file=/home/vagrant/st2/conf/st2.dev.conf | |
st2 role list | |
st2 role-assignment list | |
cat /opt/stackstorm/packs/examples/actions/workflows/mistral-ask-basic.yaml | |
st2 run examples.mistral-ask-basic | |
st2 login iuser --password=testp | |
st2 inquiry list | |
st2 inquiry get $(st2 inquiry list | grep developers | awk '{print $2}') | |
st2 inquiry respond $(st2 inquiry list | grep developers | awk '{print $2}') '{"continue": true}' | |
sudo mv /opt/stackstorm/rbac/inquiry_assignment.yaml /opt/stackstorm/rbac/assignments/ | |
cat /opt/stackstorm/rbac/assignments/inquiry_assignment.yaml | |
st2common/bin/st2-apply-rbac-definitions --config-file=/home/vagrant/st2/conf/st2.dev.conf | |
st2 login st2admin --password=testp | |
st2 role-assignment list | |
st2 login iuser --password=testp | |
st2 inquiry get $(st2 inquiry list | grep developers | awk '{print $2}') | |
st2 inquiry respond $(st2 inquiry list | grep developers | awk '{print $2}') '{"continue": true}' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment