Pipeline level RBAC
Role-based access control (RBAC) restricts access based on the roles of individual users within an organization.
OpsMx introduced the Pipeline level RBAC feature to restrict access at the pipeline level within an application. An admin can restrict access to the pipeline's Read, Write, and Execute functions to a specific user group. Through this access, users can define who can edit the pipeline configuration, execute the pipeline, and delete the pipeline.
Note: The following configuration change is applied through Helm.
To use the Pipeline level RBAC feature, the "fiat" configuration in the all gate secret must be enabled. It is "enabled" by default; if it is not, set "enabled" to "true", as shown below.
Fiat:
  baseUrl: http://spin-fiat:
  enabled: true
  host: 0.0.0.0
  port: 7003
Follow the steps below to provide pipeline-level RBAC access:
- 1. Access the GitHub repository where Spinnaker is configured and locate the fiat-local.yaml file at the path “~/default/profiles/fiat-local.yaml”.
- 2. Update the aggregate and prefix details in the fiat-local.yaml file as shown below:
  auth.permissions.provider.pipeline: aggregate
  auth.permissions.source.pipeline.Prefix:
- 3. Prefix: Provide any prefix name followed by a “*” mark (example: “dev*”), as shown below. Note: The pipeline name should begin with the prefix provided here. Here we have used the prefix “dev*”.
- 4. Pipeline Prefix: As mentioned above, a pipeline was created with a specified prefix.
- 5. Permissions: Specify the READ, WRITE and EXECUTE permissions for the specific user group, as shown in the image below. Note: In the above example, we provided access as follows:
- “devteam” group has READ permission only
- “qateam” group has READ, WRITE and EXECUTE permissions
- 6. We have provided only “READ” access to the “devteam” group; “WRITE” and “EXECUTE” permissions are not provided. This user group can therefore view a specific pipeline but cannot modify, execute or delete it. If the user tries to edit, execute or delete the pipeline, an error message is displayed, as shown below:
- If a restricted user tries to "Edit" the pipeline, the following error message is displayed:
- If a restricted user tries to "Execute" the pipeline, the following error message is displayed:
- If a restricted user tries to "Delete" the pipeline, the following error message is displayed:
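The following is an added example, not OpsMx or Fiat code: a small model of the prefix rule from the steps above (“dev*”, “devteam” with READ, “qateam” with READ, WRITE and EXECUTE) that can be used to review which actions a group gets and which pipeline names fall outside every prefix. Assumptions: the rule layout, the function names, case-sensitive prefix matching, the union of permissions across matching rules, and the mapping of edit and delete to WRITE.

```python
# Added example: a review model of prefix-based pipeline permissions.
# The rule layout below is an assumption, not the fiat-local.yaml schema.
RULES = [
    {"prefix": "dev*",
     "permissions": {"READ": ["devteam", "qateam"],
                     "WRITE": ["qateam"],
                     "EXECUTE": ["qateam"]}},
]

# Assumption: the permission each action needs. The page only states that
# READ alone does not allow edit, execute or delete.
ACTION_NEEDS = {"view": "READ", "edit": "WRITE",
                "delete": "WRITE", "execute": "EXECUTE"}


def matching_rules(pipeline, rules=RULES):
    """Rules whose prefix (the text before the trailing '*') starts the name."""
    return [r for r in rules if pipeline.startswith(r["prefix"].rstrip("*"))]


def effective_permissions(pipeline, groups, rules=RULES):
    """Union of permissions the user's groups get from all matching rules.

    Returns None when no rule covers the pipeline, so 'covered but denied'
    (empty set) is distinguishable from 'not covered by any prefix'.
    """
    matched = matching_rules(pipeline, rules)
    if not matched:
        return None
    granted = set()
    for rule in matched:
        for perm, allowed in rule["permissions"].items():
            if set(groups) & set(allowed):
                granted.add(perm)
    return granted


def allowed_actions(pipeline, groups, rules=RULES):
    """Sorted list of actions the groups may perform, or None if uncovered."""
    perms = effective_permissions(pipeline, groups, rules)
    if perms is None:
        return None
    return sorted(a for a, need in ACTION_NEEDS.items() if need in perms)


def uncovered(pipelines, rules=RULES):
    """Pipeline names that match no prefix; the rules do not apply to them."""
    return [p for p in pipelines if not matching_rules(p, rules)]
```

Running uncovered() over the full list of pipeline names in an application shows which ones the prefix rules never reach, for example because of a capitalised or misplaced prefix.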