Manage Release Permissions in YAML
You can specify and maintain global permissions, roles, and users for Release in YAML, enabling you to manage this aspect of your Release configuration "as code".
Before you begin
In Release, you can assign internal and external users to roles that determine the global permissions that they have. Global permissions apply across the entire Release system.
You should familiarize yourself with how global permissions and roles work in Release:
In addition to global security, you can enforce security on the folder, template, and release level. for more information on how to do this using DevOps as Code, see Manage Release folder permissions
Work with users
This section describes how to define internal users in YAML, view the results in the UI, and then generate YAML that reflects your configuration.
Managing external users in YAML is not supported, as these users are managed using an LDAP provider.
Define users in the UI and generate YAML
You can generate a YAML file that specifies your users by using the xl generate
command with the -u
flag.
xl generate xl-release -uf users.yaml
Example of output results:
---
apiVersion: xl-release/v1
kind: Users
spec:
- username: admin
name: Release Administrator
enabled: true
- username: chris_smith
name: chris smith
email: csmith@company.com
enabled: true
- username: jay_albert
name: jay albert
email: jalbert@company.com
enabled: true
- username: sue_perez
name: sue perez
email: sperez@company.com
enabled: false
Apply user specification YAML to Release
Release users have passwords. Therefore, to add a new user, or update an existing user using a YAML specification, you need to add the password
field to the user information. Note the following:
- If you are creating a new user, you will specify an initial password in YAML that you should instruct the user to change at first login.
- If you are updating an existing user (and assuming you have admin privileges), you do not need to know the user's existing password. You can effectively reset the password to the value you specify in the YAML.
For example, to add a new user named tim_ellis
, create a YAML file called add-user.yaml
with this specification:
---
apiVersion: xl-release/v1
kind: Users
spec:
- username: tim_ellis
name: tim ellis
email: tellis@company.com
password: changeme
enabled: true
Apply the YAML file to Release:
xl apply -f add-user.yaml
Return to the UI and see that the user tim_ellis
is now listed.
Work with global roles
This section describes how to define global roles in YAML, view the results in the UI, and then generate YAML that reflects your configuration.
Define global roles in YAML
To support running the examples shown in this topic:
- Create a YAML file called
create-roles.yaml
- Define two roles (Leaders and Developers)
- Assign users (referred to as principals) to the Leaders and Developers roles
For example:
apiVersion: xl-release/v1
kind: Roles
spec:
- name: Leaders
principals:
- jay_albert
- name: Developers
principals:
- chris_smith
- sue_perez
Save the file and apply it to Release:
xl apply -f create-roles.yaml
Go to UI and confirm the results.
Generate YAML for global roles
To generate YAML for your existing global role configuration to a file called roles.yaml
, add the -r
flag:
xl generate xl-release -rf roles.yaml
Result:
---
apiVersion: xl-release/v1
kind: Roles
spec:
- name: Leaders
principals:
- jay_albert
- name: Developers
principals:
- chris_smith
- sue_perez
Work with global permissions
This section describes how to define global permissions and view the results in the UI.
Define global permissions in YAML
You can define global permissions in YAML and apply to Release.
Create a YAML file called global-perms.yaml
and assign specific permissions to each role (Leaders and Developers).
For example:
---
apiVersion: xl-release/v1
kind: Permissions
spec:
- global:
- role: Leaders
permissions:
- template#create
- reports#view
- admin
- security#edit
- role: Developers
permissions:
- release#create
- global_variables#edit
- dashboard#create
- folder#create_top_level
Save the file (e.g., global-perms.yaml
) and apply it to Release:
xl apply -f global-perms.yaml
Review the results in the UI:
Give more permissions to the Developers role
Using the Release UI, give the Developers role additional permissions for the highlighted actions and click Save.
Generate YAML for global permissions
To generate YAML for your global permissions configuration to a file called permissions.yaml
, add the -m
flag:
xl generate xl-release -mf permissions.yaml
The additional permissions you configured for the Developers role are now included:
---
apiVersion: xl-release/v1
kind: Permissions
spec:
- global:
- role: Leaders
permissions:
- template#create
- reports#view
- admin
- security#edit
- role: Developers
permissions:
- global_calendar#edit_blackout
- release#create
- reservation#edit
- global_variables#edit
- application#edit
- environment#edit
- dashboard#create
- folder#create_top_level
- risk_profile#edit