rundeck创建普通apitoken

rundeck创建普通apitoken

** realm.properties 配置文件加
** apiforhades: MD5:xxxxxx,user,api_token_group

**etc 权限文件添加**
**vim   apiforhades.aclpolicy**

description: Admin, all access.
context:
  project: '.*' # all projects
for:
  resource:
    - equals:
        kind: job
      allow: [read,run,kill] # allow read/create all kinds
    - equals:
        kind: node
      allow: [run]
    - equals:
        kind: event
      allow: [read]
  adhoc:
    - deny: '*'
  job: 
    - allow: [read,run] # allow read/write/delete/run/kill of all jobs
  node:
    - allow: '*' # allow read/run for all nodes
by:
  username: apiforhades 

---

description: Admin, all access.
context:
  application: 'rundeck'
for:
  resource:
    - allow: '*' # allow create of projects
  project:
    - allow: [read,configure] # allow view/admin of all projects
  storage:
    - allow: 'read' # allow read/create/update/delete for all /keys/* storage content
by:
  username: apiforhades

** vim  apitoken.aclpolicy **

description: API project level access control
context:
  project: '.*' # all projects
for:
  resource:
    - equals:
        kind: job
      allow: [read] # allow create and delete jobs
    - equals:
        kind: node
      allow: [run] # allow refresh node sources
    - equals:
        kind: event
      allow: [read] # allow read/create events
  adhoc:
    - deny: '*' # allow running/killing adhoc jobs and read output
  job: 
    - allow: [read] # allow create/read/write/delete/run/kill of all jobs
  node:
    - allow: [run] # allow read/run for all nodes
by:
  group: api_token_group

---

description: API Application level access control
context:
  application: 'rundeck'
for:
  resource:
    - equals:
        kind: system
      allow: [read] # allow read of system info
  project:
    - match:
        name: '.*'
      allow: [read] # allow view of all projects
  storage:
    - match:
        path: '(keys|keys/.*)'
      allow: '*' # allow all access to manage stored keys
by:
  group: api_token_group