Valid since:
XL Release 8.6.0
XL Deploy 8.6.0
XL JetPack 8.6.0

You can specify and maintain global permissions, roles, and users for XL Release in YAML, enabling you to manage this aspect of your XL Release configuration “as code”.

Before you begin

In XL Release, you can assign internal and external users to roles that determine the global permissions that they have. Global permissions apply across the entire XL Release system.

You should familiarize yourself with how global permissions and roles work in XL Release:

In addition to global security, you can enforce security on the folder, template, and release level. For more details on how to do this using DevOps as Code, see Manage XL Release folder permissions

Work with users

This section describes how to define internal users in YAML, view the results in the UI, and then generate YAML that reflects your configuration.

Note: Managing external users in YAML is not supported, as these users are managed using an LDAP provider.

Define users in the UI and generate YAML

You can generate a YAML file that specifies your users by using the xl generate command with the -u flag.

xl generate -s xl-release -f users.yaml -u

Example of output results:

---
apiVersion: xl-release/v1
kind: Users
spec:
- username: admin
  name: XL Release Administrator
  enabled: true
- username: chris_smith
  name: chris smith
  email: csmith@company.com
  enabled: true
- username: jay_albert
  name: jay albert
  email: jalbert@company.com
  enabled: true
- username: sue_perez
  name: sue perez
  email: sperez@company.com
  enabled: false

Apply user specification YAML to XL Release

XL Release users have passwords. Therefore, to add a new user, or update an existing user using a YAML specification, you need to add the password field to the user information. Note the following:

  • If you are creating a new user, you will specify an initial password in YAML that you should instruct the user to change at first login.
  • If you are updating an existing user (and assuming you have admin privileges), you do not need to know the user’s existing password. You can effectively reset the password to the value you specify in the YAML.

For example, to add a new user named tim_ellis, create a YAML file called add-user.yaml with this specification:

---
apiVersion: xl-release/v1
kind: Users
spec:
- username: tim_ellis
  name: tim ellis
  email: tellis@company.com
  password: changeme
  enabled: true

Apply the YAML file to XL Release:

xl apply -f add-user.yaml

Return to the UI and see that the user tim_ellis is now listed.

Work with global roles

This section describes how to define global roles in YAML, view the results in the UI, and then generate YAML that reflects your configuration.

Define global roles in YAML

To support running the examples shown in this topic:

  • Create a YAML file called create-roles.yaml
  • Define two roles (Leaders and Developers)
  • Assign users (referred to as principals) to the Leaders and Developers roles

For example:

apiVersion: xl-release/v1
kind: Roles
spec:
- name: Leaders
  principals:
  - jay_albert
- name: Developers
  principals:
  - chris_smith
  - sue_perez

Save the file and apply it to XL Release:

xl apply -f create-roles.yaml

Go to UI and confirm the results.

MyFolder

Generate YAML for global roles

To generate YAML for your existing global role configuration to a file called roles.yaml, add the -r flag:

xl generate -s xl-release -f roles.yaml -r

Result:

---
apiVersion: xl-release/v1
kind: Roles
spec:
- name: Leaders
  principals:
  - jay_albert
- name: Developers
  principals:
  - chris_smith
  - sue_perez

Work with global permissions

This section describes how to define global permissions and view the results in the UI.

Define global permissions in YAML

You can define global permissions in YAML and apply to XL Release.

Create a YAML file called global-perms.yaml and assign specific permissions to each role (Leaders and Developers).

For example:

---
apiVersion: xl-release/v1
kind: Permissions
spec:
- global:
  - role: Leaders
    permissions:
    - template#create
    - reports#view
    - admin
    - security#edit
  - role: Developers
    permissions:
    - release#create
    - global_variables#edit
    - dashboard#create
    - folder#create_top_level

Save the file (e.g., global-perms.yaml) and apply it to XL Release:

xl apply -f global-perms.yaml

Review the results in the UI:

MyFolder

Give more permissions to the Developers role

Using the XL Release UI, give the Developers role additional permissions for the highlighted actions and click Save.

MyFolder

Generate YAML for global permissions

Generate YAML for your global permissions configuration to a file called permissions.yaml, add the -g flag:

xl generate -s xl-release -f permissions.yaml -g

The additional permissions you configured for the Developers role are now included:

---
apiVersion: xl-release/v1
kind: Permissions
spec:
- global:
  - role: Leaders
    permissions:
    - template#create
    - reports#view
    - admin
    - security#edit
  - role: Developers
    permissions:
    - global_calendar#edit_blackout
    - release#create
    - reservation#edit
    - global_variables#edit
    - application#edit
    - environment#edit
    - dashboard#create
    - folder#create_top_level
    - risk_profile#edit