###############################################################################
# Copyright 2013 - 2018 Software AG, Darmstadt, Germany and/or its licensors
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
###############################################################################
# Template metadata: alias, description, version and change history.
alias: sag-cc-ldap
description: >-
  Command Central sample configuration for LDAP and users, groups and roles
# NOTE(review): an unquoted 0.3 is read as a float by YAML parsers; kept as the
# author wrote it because the type the consumer expects is not visible here.
version: 0.3
changes:
  - '0.1 Initial draft'
  - '0.2 CC LDAP 9.10+ configuration including Domain property'
  - '0.3 CC LDAP extend configurable properties'
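# Parameters for the "default" environment. Every key below is referenced as
# ${key} from the templates section of this file.
environments:
  default:
    # --- LDAP connection ---------------------------------------------------
    ldap.domain: sag  # LDAP alias to create
    # Empty placeholder: no default is given, so presumably the caller must
    # supply a value. Quoted so YAML tooling always reads it as a string.
    ldap.host: "${}"  # LDAP host, replica of SAG corporate LDAP
    ldap.port: 389
    # NOTE(security): ldap:// on port 389 is an unencrypted transport, so the
    # bind password and every user login checked against the directory cross
    # the network in clear text. Where the directory offers it, override
    # ldap.url / ldap.port with an ldaps:// endpoint (conventionally port 636)
    # and confirm the server certificate is validated.
    ldap.url: "ldap://${ldap.host}:${ldap.port}"
    # Bind account and search roots are site-specific sample values; override
    # them for any other directory. The bind account only needs read access
    # to the user and group subtrees, so use a dedicated low-privilege account.
    ldap.principal.dn: "CN=BGQATest,OU=Generic,OU=Bulgaria,DC=eur,DC=ad,DC=sag"
    ldap.user.root.dn: "DC=eur,DC=ad,DC=sag"
    ldap.group.root.dn: "DC=eur,DC=ad,DC=sag"
    # Bind password: no default, supplied at apply time. Keep it out of
    # version control and out of shell history / CI logs.
    ldap.password: "${}"

    # --- LDAP schema mapping and pool tuning -------------------------------
    ldap.user.id.attribute: sAMAccountName
    ldap.group.id.attribute: sAMAccountName
    ldap.connection.timeout: 5000
    ldap.pool.minsize: 0
    ldap.pool.maxsize: 10
    ldap.user.object.class: person
    ldap.group.object.class: group
    ldap.membership.attribute: member
    ldap.membership.type: GROUP
    ldap.resolve.nested.groups: 1

    # --- Directory groups mapped to Command Central roles -------------------
    # These names are written into roles.txt by the cc-internal-users
    # template; ldap.group.admin receives SuperAdminRole and PassmanRole there,
    # so keep that group's membership tightly controlled.
    ldap.group.viewer: CommandCentral-Swat
    ldap.group.operator: RnD-wM-CommandCentralWorkgroup
    ldap.group.admin: RnD-wM-Eng-CC-Core

    # --- Internal (local) user passwords ------------------------------------
    # NOTE(security): these are short, guessable defaults committed alongside
    # the template, so anyone who can read the repository knows them. Override
    # all three at apply time before using this outside a disposable lab, or
    # replace the defaults with "${}" so a value has to be supplied.
    guest.password: welcome
    viewer.password: watch
    operator.password: do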
# Layer "cc" applies the two templates defined under `templates:` in this
# file: the LDAP connection and the internal users/groups/roles.
layers:
  cc:
    templates:
      - 'cc-ldap'
      - 'cc-internal-users'
# NOTE(review): nesting below was restored from a listing whose indentation
# had been lost; compare against the repository copy before applying.
templates:
  # LDAP directory connection for Command Central (runtime component CCE).
  cc-ldap:
    products:
      CCE:
        default:
          runtimeComponentId: CCE
          configuration:
            OSGI-CCE:
              COMMON-LDAP:
                # LDAP users and groups
                COMMON-LDAP-${ldap.domain}:
                  '@alias': ${ldap.domain}
                  # login as domain\userid
                  Domain: ${ldap.domain}
                  # The URL scheme decides whether the bind below is
                  # encrypted; the environment default is plain ldap://.
                  URL: ${ldap.url}
                  Enabled: true
                  PrincipalDn: ${ldap.principal.dn}
                  # Bind password comes from the ldap.password parameter.
                  Password: ${ldap.password}
                  ConnectionTimeout: ${ldap.connection.timeout}
                  PoolMinSize: ${ldap.pool.minsize}
                  PoolMaxSize: ${ldap.pool.maxsize}
                  UserIdAttribute: ${ldap.user.id.attribute}
                  UserRootDn: ${ldap.user.root.dn}
                  UserObjectClass: ${ldap.user.object.class}
                  GroupIdAttribute: ${ldap.group.id.attribute}
                  GroupRootDn: ${ldap.group.root.dn}
                  GroupObjectClass: ${ldap.group.object.class}
                  MembershipAttribute: ${ldap.membership.attribute}
                  MembershipType: ${ldap.membership.type}
                  # Presumably makes membership through nested groups count,
                  # which widens who ends up in the role-mapped groups below;
                  # confirm against the product documentation.
                  ResolveNestedGroups: ${ldap.resolve.nested.groups}

  # Local accounts plus the group and role files that authorise them.
  cc-internal-users:
    products:
      CCE:
        default:
          runtimeComponentId: CCE
          configuration:
            OSGI-CCE:
              # internal users
              # Passwords are set for Guest, Viewer and Operator only. No
              # entry here changes the Administrator account, which
              # groups.txt below places in the Administrators group, so that
              # password has to be managed separately.
              COMMON-LOCAL-USERS:
                COMMON-LOCAL-USERS-Guest:
                  '@id': Guest
                  Password: ${guest.password}
                COMMON-LOCAL-USERS-Viewer:
                  '@id': Viewer
                  Password: ${viewer.password}
                COMMON-LOCAL-USERS-Operator:
                  '@id': Operator
                  Password: ${operator.password}
            OSGI-CCE-ENGINE:
              SIN-INTERNAL-GROUPS:
                # internal groups
                # One local group per account: Administrators, Viewers,
                # Operators. Guest is given a password above but is not
                # listed in any group in this file.
                SIN-INTERNAL-GROUPS-groups.txt: |
                  *
                  * CUSTOMIZED Command Central groups
                  *
                  version:2.0
                  Administrators:1:Administrator
                  Viewers:2:Viewer
                  Operators:3:Operator
              SIN-INTERNAL-ROLES:
                # permissions and roles
                # Local groups and the three LDAP groups named in the
                # environment share the same role set per tier. The wildcard
                # SuperAdminRole and PassmanRole go to local Administrators
                # and to ${ldap.group.admin}; membership of that directory
                # group is therefore equivalent to full administration here
                # and should be reviewed as such.
                SIN-INTERNAL-ROLES-roles.txt: |
                  *
                  * CUSTOMIZED Command Central permissions and roles
                  *
                  [permissions]
                  permission:allow=canwrite,canexecute,canread
                  [roles]
                  role:SuperAdminRole=*
                  role:AdminRole=canread,canwrite,canexecute
                  role:OperatorRole=canread,canexecute
                  role:ViewerRole=canread
                  role:PassmanRole=jmx:com.softwareag:passman:canexecute:*
                  [groups]
                  group:"Administrators"=SuperAdminRole,PassmanRole
                  group:"Operators"=OperatorRole
                  group:"Viewers"=ViewerRole
                  group:"${ldap.group.admin}"=SuperAdminRole,PassmanRole
                  group:"${ldap.group.operator}"=OperatorRole
                  group:"${ldap.group.viewer}"=ViewerRole
# In the default environment, layer "cc" is provisioned to a single target
# named local (presumably the node alias of the Command Central host itself).
provision:
  default:
    cc:
      - 'local'