Merge pull request #290 from winem/remove-ewc-migrate-rbac-ldap

Remove EWC support & move LDAP/RBAC configuration to Stackstorm.st2
StackStorm · May 6, 2021 · 1551a3d · 1551a3d
2 parents 5f1a63c + 0ed1247
commit 1551a3d
Show file tree

Hide file tree

Showing 37 changed files with 249 additions and 721 deletions.
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -16,11 +16,10 @@ provisioner:
   idempotency_test: true
   extra_vars:
     st2repo_name: <%= ENV['ST2_REPO'] || 'stable' %>
-    ewc_repo: <%= ENV['EWC_REPO'] || 'enterprise' %>
-    ewc_license: "<%= ENV['LICENSE'] ? ENV[ENV['LICENSE']] : ENV['BWC_LICENSE_ENTERPRISE'] %>"
     st2chatops_hubot_adapter: slack
     st2chatops_config:
       HUBOT_SLACK_TOKEN: <%= ENV['HUBOT_SLACK_TOKEN'] %>
+    st2_rbac_enable: yes
 
 platforms:
   # Ubuntu Xenial with Systemd

diff --git a/.travis.yml b/.travis.yml
@@ -9,16 +9,16 @@ branches:
 
 env:
   # default is stable repo
-  - DISTRO=ubuntu-16 LICENSE='BWC_LICENSE_ENTERPRISE'
-  - DISTRO=ubuntu-18 LICENSE='BWC_LICENSE_ENTERPRISE'
-  - DISTRO=centos-7 LICENSE='BWC_LICENSE_ENTERPRISE'
-  - DISTRO=centos-8 LICENSE='BWC_LICENSE_ENTERPRISE'
+  - DISTRO=ubuntu-16
+  - DISTRO=ubuntu-18
+  - DISTRO=centos-7
+  - DISTRO=centos-8
 
   # StackStorm 'unstable' repo check
-  - DISTRO=ubuntu-16 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
-  - DISTRO=ubuntu-18 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
-  - DISTRO=centos-7 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
-  - DISTRO=centos-8 ST2_REPO=unstable EWC_REPO=enterprise-unstable LICENSE='BWC_LICENSE_ENTERPRISE_UNSTABLE'
+  - DISTRO=ubuntu-16 ST2_REPO=unstable
+  - DISTRO=ubuntu-18 ST2_REPO=unstable
+  - DISTRO=centos-7 ST2_REPO=unstable
+  - DISTRO=centos-8 ST2_REPO=unstable
 
 before_script:
   # Personal token for forked PRs

diff --git a/README.md b/README.md
@@ -44,6 +44,10 @@ Below is the list of variables you can redefine in your playbook to customize st
 | `st2_auth_username`      | `testu`       | Username used by StackStorm standalone authentication.
 | `st2_auth_password`      | `testp`       | Password used by StackStorm standalone authentication.
 | `st2_save_credentials`   | `yes`         | Save credentials for local CLI in `/root/.st2/config` file.
+| `st2_rbac_enable`        | `no`          | Enable RBAC. |
+| `st2_rbac`               | [See `st2_rbac` variable in role defaults](roles/st2/defaults/main.yml) | RBAC roles and assignments. This is a dictionary with two keys `roles` and `assignments`. `roles` and `assignments` are in turn both arrays. Each element in the array follows the exact YAML schema for [roles](https://docs.stackstorm.com/rbac.html#user-permissions) and [assignments](https://docs.stackstorm.com/rbac.html#defining-user-role-assignments) defined in ST2 documentation.
+| `st2_ldap_enable`        | `no`          | Enable LDAP authentication backend. |
+| `st2_ldap`               | [See `st2_ldap` variable in role defaults](roles/st2/defaults/main.yml) | Settings for LDAP authentication backend. `st2_ldap` is a dictionary and has one item `backend_kwargs`. `backend_kwargs` should be provided as exactly listed in ST2 documentation for [LDAP configuration](https://docs.stackstorm.com/authentication.html#ldap).
 | `st2_packs`              | `[ st2 ]`     | List of packs to install. This flag does not work with a `--python3` only pack.
 | `st2_python_packages`    | `[ ]`         | List of python packages to install into the `/opt/stackstorm/st2` virtualenv. This is needed when deploying alternative auth or coordination backends which depend on Python modules to make them work.
 | `st2_u16_add_insecure_py3_ppa`	| `false`     | Whether permission is granted to install the deadsnakes Python3.6 PPA for Ubuntu 16. 
@@ -52,13 +56,6 @@ Below is the list of variables you can redefine in your playbook to customize st
 | `st2web_ssl_certificate`     | `null` | String with custom SSL certificate (`.crt`). If not provided, self-signed certificate will be generated.
 | `st2web_ssl_certificate_key` | `null` | String with custom SSL certificate secret key (`.key`). If not provided, self-signed certificate will be generated.
 | `st2web_nginx_config`     | `null` | String with a custom nginx configuration file (`st2.conf`). If not provided, the default st2.conf will be used.
-| **ewc**
-| `ewc_license`            | `null`        | EWC license key is required for installing EWC enteprise bits via this ansible role.
-| `ewc_repo`               | `enterprise`  | EWC PackageCloud repository to install. [`enterprise`](https://packagecloud.io/StackStorm/enterprise/), [`enterprise-unstable`](https://packagecloud.io/StackStorm/enterprise-unstable/), [`staging-enterprise`](https://packagecloud.io/StackStorm/staging-enteprise/), [`staging-enterprise-unstable`](https://packagecloud.io/StackStorm/staging-enterprise-unstable/)
-| `ewc_version`            | `latest`      | EWC enterprise version to install. `present` to install available package, `latest` to get automatic updates, or pin it to numeric version like `2.2.0`. The version used here should match `st2_version`.
-| `ewc_revision`           | `1`           | EWC enterprise revision to install. Used only with pinned `ewc_version`.
-| `ewc_rbac` | [See `ewc_rbac` variable in role defaults](roles/StackStorm.ewc/defaults/main.yml) | EWC RBAC roles and assignments. This is a dictionary with two keys `roles` and `assignments`. `roles` and `assignments` are in turn both arrays. Each element in the array follows the exact YAML schema for [roles](https://ewc-docs.extremenetworks.com/rbac.html#user-permissions) and [assignments](https://ewc-docs.extremenetworks.com/rbac.html#defining-user-role-assignments) defined in EWC documentation.
-| `ewc_ldap` | [See `ewc_ldap` variable in role defaults](roles/StackStorm.ewc/defaults/main.yml) | Settings for EWC LDAP authentication backend. `ewc_ldap` is a dictionary and has one item `backend_kwargs`. `backend_kwargs` should be provided as exactly listed in EWC documentation for [LDAP configuration](https://ewc-docs.extremenetworks.com/authentication.html#auth-backends).
 | **st2chatops**
 | `st2chatops_version`     | `latest`      | st2chatops version to install. `present` to install available package, `latest` to get automatic updates, or pin it to numeric version like `2.2.0` or with revision like `2.2.0-1`.
 | `st2chatops_st2_api_key` |               | st2 API key to be updated in st2chatops.env using "st2 apikey create -k" in a task

diff --git a/meta/main.yml b/meta/main.yml
@@ -8,7 +8,7 @@
 # roles_path = /etc/ansible/roles/:/etc/ansible/roles/StackStorm.stackstorm/roles/
 ---
 galaxy_info:
-  description: Install StackStorm (IFTTT for Ops) with all the components like Web UI, ChatOps, EWC and dependant services including RabbitMQ, MongoDB, nginx.
+  description: Install StackStorm (IFTTT for Ops) with all the components like Web UI, ChatOps and dependant services including RabbitMQ, MongoDB, nginx.
   author: armab
   company: StackStorm
   license: Apache 2.0
@@ -34,8 +34,6 @@ galaxy_info:
     - st2
     - st2web
     - st2chatops
-    - bwc
-    - ewc
     - rabbitmq
     - mongodb
     - nginx
diff --git a/roles/StackStorm.ewc/defaults/main.yml b/roles/StackStorm.ewc/defaults/main.yml
diff --git a/roles/StackStorm.ewc/handlers/main.yml b/roles/StackStorm.ewc/handlers/main.yml
diff --git a/roles/StackStorm.ewc/meta/main.yml b/roles/StackStorm.ewc/meta/main.yml
diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_debian.yml b/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_debian.yml
diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_redhat.yml b/roles/StackStorm.ewc/tasks/ewc_repos_cleanup_redhat.yml
diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_debian.yml b/roles/StackStorm.ewc/tasks/ewc_repos_debian.yml
diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_redhat.yml b/roles/StackStorm.ewc/tasks/ewc_repos_redhat.yml
diff --git a/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml b/roles/StackStorm.ewc/tasks/ewc_repos_setup.yml