NEXUS RM3 - how to filter specific repositories for role/privileges - nexus

How can I give users permission just to view specific repos? It would save a lot of time if it were possible to create a privilege that filters with these criteria:
All types of repos that start with the prefix test
What I've tried:
Using a wildcard to create the privilege nexus:repository-view:*:test*:browse to filter all repositories that start with the prefix test
This can save a lot of time for adding repos one by one to each specific role.

Related

Jfrog Artifactory repository creation and permission automation

We are using JFrog Artifactory and looking for a way to automate the repo, group and permission creation for a list of items as part of an Azure DevOps pipeline.
For example, I want to create a virtual repo called "myproject-mvn-repo" with all its subcomponents as below.
- Create a virtual repository: myproject-mvn-repo
- Link an existing or create a remote repo for Maven (if not existing): myproject-mvn-remote-repo
- Create 2 local repos if not existing:
  - myproject-mvn-release-local-repo
  - myproject-mvn-snapshot-local-repo
- Create a security group for the repos: myproject-sg
- Create 2 types of permission for the repos and related builds:
  - myproject-developers (read write)
  - myproject-contributors (read/write/manage)
- Add users to the group subsequently
I tried to follow the JFrog document, but couldn't loop through a number of items, and I would need to make it idempotent (it shouldn't create/modify any repo or component if already present).
Let's split it into 2 parts - managing repositories, and managing permissions.
Repositories
In order to create / update / delete multiple repositories in a single request you can use the Artifactory YAML Configuration.
For example (simplified):
    PATCH /artifactory/api/system/configuration
    Content-Type: application/yaml

    localRepositories:
      myproject-mvn-release-local-repo:
        type: maven
        ...
      myproject-mvn-snapshot-local-repo:
        type: maven
        ...
    remoteRepositories:
      myproject-mvn-remote-repo:
        type: maven
        url: ...
        ...
    virtualRepositories:
      myproject-mvn-repo:
        type: maven
        repositories:
          - myproject-mvn-release-local-repo
          - myproject-mvn-snapshot-local-repo
          - myproject-mvn-remote-repo
        ...
Note - this is a PATCH request, which means that if a repository already exists it will not fail the request, but it will update its configuration based on the settings in this request.
Permissions
For managing permissions there are also two options - using projects (preferred), or using groups and permission targets.
Using Projects
From the documentation:
JFrog Projects is a management entity for hosting your resources (repositories, builds, Release Bundles, and Pipelines), and for associating users/groups as members with specific entitlements. As such, using projects helps Platform Admins to offload part of their day-to-day management effort and to generate a better separation between the customer products to improve customer visibility on efficiency, scale, cost, and security. Projects simplifies the onboarding process for new users, creates better visibility for LOBs and project stakeholders.
You can create projects, assign roles to users and groups in projects, assign repositories to projects, and more. Projects can be managed using REST API, specifically (but not limited to):
Add a New Project - to create a new project
Update User in Project - add a user as a member of the project with given roles
Update Group in Project - add a group as a member of the project with given roles
Move Repository in a Project - to assign a repository to a project
Using Groups and Permission Targets
Manage groups using REST API. First try to create a group. If a group already exists it will return a 409 Conflict, then use update group instead, or just add / remove members to the group.
For example - create group myproject-developers with alice and bob as members (simplified):
    POST /access/api/v2/groups
    Content-Type: application/json

    {
      "name": "myproject-developers",
      "description": "My project developers",
      "members": ["alice", "bob"],
      ...
    }
Manage permissions - use REST API to create / replace permission targets, aggregating the repositories and granting each group its relevant permissions on those repositories.
For example (simplified):
    PUT /artifactory/api/security/permissions/myproject-permissions
    Content-Type: application/json

    {
      "name": "myproject-developers",
      "repositories": [
        "myproject-mvn-release-local-repo",
        "myproject-mvn-snapshot-local-repo",
        "myproject-mvn-remote-repo"
      ],
      "principals": {
        "groups": {
          "myproject-developers": ["r", "w"],
          "myproject-contributors": ["r", "w", "m"]
        }
      },
      ...
    }
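
The group and permission-target steps above written as re-runnable functions, as an added example (not part of the original answer and not JFrog's code). The PATCH `/members` path and its `{"add": [...]}` body used after a 409 are an assumption, as is Bearer-token authentication; `send` is a hypothetical transport callable so the logic can be exercised without a server, and only the body fields shown in the answer are sent.

```python
import json
import urllib.error
import urllib.request


def http_send(base_url, token):
    """Build send(method, path, body) -> HTTP status for a real instance."""
    def send(method, path, body):
        req = urllib.request.Request(
            base_url + path, data=json.dumps(body).encode(), method=method,
            headers={"Content-Type": "application/json",
                     "Authorization": "Bearer " + token})
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code  # 4xx/5xx arrive as exceptions; return the code
    return send


def ensure_group(send, name, description, members):
    """Create the group; on 409 Conflict add the members to the existing one."""
    status = send("POST", "/access/api/v2/groups",
                  {"name": name, "description": description, "members": members})
    outcome = "created"
    if status == 409:
        # ASSUMPTION: member-update path and {"add": [...]} body; verify them
        # against the REST API reference for your version.
        status = send("PATCH", f"/access/api/v2/groups/{name}/members",
                      {"add": members})
        outcome = "updated"
    if status >= 300:
        raise RuntimeError(f"group {name}: HTTP {status}")
    return outcome


def ensure_permission_target(send, name, repositories, group_actions):
    """PUT creates or replaces the target, so a re-run gives the same state."""
    body = {"name": name, "repositories": repositories,
            "principals": {"groups": group_actions}}
    status = send("PUT", f"/artifactory/api/security/permissions/{name}", body)
    if status >= 300:
        raise RuntimeError(f"permission target {name}: HTTP {status}")
    return body
```

Because PUT replaces the whole permission target, grants added by hand outside the pipeline are removed on the next run. The member PATCH only adds, so users dropped from the list stay in the group until they are removed explicitly.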

Openstack CLI does not honour project scope

Is it possible to scope OpenStack CLI output for listing networks to only a single project? I have tried multiple options like --os-project-id, --os-project-name etc., but it seems to list all networks across multiple projects/tenants.
Currently, the command I am using is:
openstack network list --os-username XXX --os-password YYY --os-project-id ZZZ
Note: The credentials that I am using here are of an 'admin' account
Parameters set in the environment are :
OS_PROJECT_ID=XXX
OS_REGION_NAME=XXX
OS_TENANT_ID=XXX
OS_USER_DOMAIN_NAME=XXX
OS_PROJECT_NAME=XXX
OS_AUTH_VERSION=XXX
OS_IDENTITY_API_VERSION=XXX
OS_PASSWORD=XXX
OS_AUTH_URL=XXX
OS_USERNAME=XXX
OS_TENANT_NAME=XXX
OS_INTERFACE=XXX
OS_PROJECT_DOMAIN_NAME=XXX
Maybe your networks are shared by all tenants. If you only have a few networks, you can verify with neutron net-show Network-Name and review the shared attribute.
BTW I use the env variable OS_PROJECT_NAME to switch between projects
Without any explicit filter specified in the parameters, Neutron's network API returns all networks that the user accessing the API has privileges to list. The recommended way to scope down the list of networks to a specific project is to explicitly specify that filter.
Via CLI, you can scope the list to a specific project "demo" using the following example:
openstack network list --project demo
You can see more filtering options via the help text:
openstack help network list
Issues were caused by an older version of OpenStack CLI, v3.7.0.
Using Openstack CLI version v3.13.0, I was able to solve my requirement. By default, with the domain admin account, the CLI still dumped the entire network list but with the --long flag, the 'project' field this time was populated and I could filter out the results for the specific project.
This was not the case with the previous CLI versions. Usage of '--long' flag had all the values of 'Project' as none.

WordPress + MariaDB based on docker images into Jelastic

I'm a newbie to Docker.
In the dashboard, I deployed WordPress and MariaDB in different layers. In the container with WordPress, I made a connection to MariaDB.
Which variables should I edit in the WordPress container so that it is initialized with the MariaDB database?
The Links section is intended for establishing connection between your Docker containers (obviously, they should be placed at different layers inside a single environment for that).
After such a connection is set, a container will be able to work with environment variables of the linked template (herewith, the imported properties will have a special prefix to be easily separated from this container’s native ones).
To set a new link, click the Add button and fill in the appeared fields:
Node - select the layer with the required image using the drop-down list of ones, available within the current environment
Alias - type a connection alias (DB in our case). Subsequently, it will be used as a prefix for the chosen container’s variables, imported to the currently configured one.
After that click Save to confirm linking settings. You can link as many different nodes to a single container as you require.
You always can Edit or Remove the unnecessary link with the corresponding buttons at the top pane of the Docker layer settings frame.
After the new settings are applied, you can check the results by switching to the Variables section (where the newly imported parameters will be listed).
Tip: Upon linking Docker containers, Jelastic also adds the corresponding DNS record (with the identical to the used alias name) to Jelastic DB. In such a way, you can refer to a particular container from inside of these two environment layers not just over its IP address or NodeID, but also specifying the assigned alias with counter, i.e. {alias_name}_N.
For example, after linking with DB alias (as it’s shown above), you can ping specific containers at the appropriate layer as “db_1”, “db_2”, etc while working with Platform internal network via Jelastic SSH Gateway. Herewith, if using common layer alias (i.e. without counter, “db” in our case), the system will use Round-Robin algorithm to choose any container within the defined node group.
https://docs.jelastic.com/docker-links
UPD1
In order to initialize database add these variables to MariaDB:
MYSQL_ROOT_PASSWORD
This variable is mandatory and specifies the password that will be set for the MariaDB root superuser account. In the above example, it was set to my-secret-pw.
MYSQL_DATABASE
This variable is optional and allows you to specify the name of a database to be created on image startup. If a user/password was supplied (see below) then that user will be granted superuser access (corresponding to GRANT ALL) to this database.
MYSQL_USER, MYSQL_PASSWORD
These variables are optional, used in conjunction to create a new user and to set that user's password. This user will be granted superuser permissions (see above) for the database specified by the MYSQL_DATABASE variable. Both variables are required for a user to be created.

Azure resource groups not deleting

I am having an issue when trying to delete a resource group as I get the following error in Azure;
Failed to delete resource group Default-Storage-EastUS: Deletion of resource
group 'Default-Storage-EastUS' failed as resources with identifiers 'Microsoft.ClassicStorage/storageAccounts/bitnamieastusq5n61m4' could not be deleted. The provisioning state of the resource group will be rolled back. The tracking Id is '5b0424e2-bfea-4aef-a832-2230fb3bd279'. Please check audit logs for more details. (Code: ResourceGroupDeletionBlocked) Unable to delete storage account 'bitnamieastusq5n61m4': 'Storage account bitnamieastusq5n61m4 has some active image(s) and/or disk(s), e.g. bitnami-bitnami-wordpress-4.6.1-0-eastus-Q5N61m4. Ensure these image(s) and/or disk(s) are removed before deleting this storage account.'. (Code: StorageAccountOperationFailed)
This was initially an automated WordPress install from BITNAMI, linked to our pay-as-you-go subscription.
On the BITNAMI account the VM has been removed completely, however it is still showing on AZURE.
Under Azure Portal, I have checked the Virtual Machines list and there is nothing present.
I have also checked for any disks that may have not been removed correctly, but again there are none.
The delete process is:
Select Resource
choose the eclipse
select delete
enter the resource group name
Click Delete
Notifications show that it does start the deleting process, but then fails with the above error.
Has anyone come across this before, or have any suggestions on how to remove this resource completely?
I have also looked under the storage account on the portal and it shows bitnamieastusq5n61m4, however it will not delete either apparently due to existing disks, but where are these disks?????
The Portal does not show any images or disks....
Thanks for your time and assistance.
Azure says you cannot delete the storage account if it contains images/active vhd(s). In your case it is the same. So, before deleting the resource group you need to delete the image/active vhd(s).
Refer to the screenshot from - https://azure.microsoft.com/en-in/documentation/articles/storage-create-storage-account/
I would recommend using the PowerShell command with the force parameter for this.
Remove-AzureRmResourceGroup -Name "abc" -force

How to deactivate or delete a bucket type in Riak?

/home/khorkak> sudo riak-admin bucket-type
Usage: riak-admin bucket-type <command>

The follow commands can be used to manage bucket types for the cluster:

   list                   List all bucket types and their activation status
   status <type>          Display the status and properties of a type
   activate <type>        Activate a type
   create <type> <json>   Create or modify a type before activation
   update <type> <json>   Update a type after activation

/home/khorkak>
Well I have a set of bucket types I created while trying some things out that I no longer want around - can I get rid of these without reinstalling Riak?
Unfortunately there is no documented way within Riak currently to delete unused bucket types.
If you don't mind deleting all of the data in Riak, you can stop Riak, delete the contents of the data directory, and then restart Riak. (If you have more than one node, you will need to stop each node and delete the data directory on each before starting the nodes back up.)
If you only delete the data within Bitcask or LevelDB data directories the bucket type metadata will still exist in the ring.
