I have the following block in my yml config file:

    access-control:
      provider: rbac
      role-mapping:
        role:
          "guest":
            include:
              user:
                "buddy"

When I build my project, the entries below are added to the generated standalone-full.xml:

    <system-properties>
        <property name="swarm.management.access-control.role-mapping.role.guest.include.user" value="buddy"/>
        <property name="swarm.management.access-control.provider" value="rbac"/>
    </system-properties>

The problem is that I expected the following node to be generated:

    <access-control provider="rbac">
        <role-mapping>
            <role name="guest">
                <include>
                    <user name="buddy"/>
                </include>
            </role>
        </role-mapping>
    </access-control>

Any ideas?
Looks like you are trying to configure role-based access control to the management interface. This is not for the application itself. Is that what you really want? I wouldn't expect mgmt RBAC to be used with WildFly Swarm.
If that's what you really want, here's the JBoss EAP documentation that explains all the concepts: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/how_to_configure_server_security/#role_based_access_control
To translate it to the WildFly Swarm YAML, based on http://docs.wildfly-swarm.io/2018.5.0/#_management, I believe what you need is something like this (note that I didn't try it :-) ):

    swarm:
      management:
        security-realms:
          ManagementRealm:
            in-memory-authentication:
              users:
                albert: # creating a user in the mgmt realm
                  password: einstein
        authorization-access:
          provider: rbac
          role-mappings:
            Operator: # one of the pre-defined roles, can't create new ones
              includes:
                user-albert: # by convention, should always be user-xxx or group-xxx
                  name: albert
                  type: user

But I'll repeat, I don't think you actually want this. If you could describe your use case, I might be able to help better.
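
An added example, not part of the original question or answer: a small pre-build check that reproduces the dotted property names seen in the question and lints a management RBAC block against the rules stated in the answer's comments. The function names and the sample dictionaries are constructed here; placing the question's `access-control` block under `swarm.management` is an assumption taken from the generated property names, and role names are compared case-insensitively as a further assumption.

```python
# The seven standard WildFly / JBoss EAP management RBAC roles.
STANDARD_ROLES = {"monitor", "operator", "maintainer", "deployer",
                  "auditor", "administrator", "superuser"}

def flatten(node, prefix=""):
    """Flatten nested config into dotted names, like the swarm.* entries
    that appeared under <system-properties> in the question."""
    if not isinstance(node, dict):
        return {prefix: node}
    flat = {}
    for key, value in node.items():
        flat.update(flatten(value, f"{prefix}.{key}" if prefix else str(key)))
    return flat

def lint_role_mappings(config):
    """Return a list of problems found in the management RBAC mappings."""
    mgmt = config.get("swarm", {}).get("management", {})
    access = mgmt.get("authorization-access")
    if access is None:
        return ["no swarm.management.authorization-access block"]
    problems = []
    if access.get("provider") != "rbac":
        problems.append("provider is not 'rbac'")
    for role, mapping in (access.get("role-mappings") or {}).items():
        if role.lower() not in STANDARD_ROLES:
            problems.append(f"role '{role}' is not a standard role")
        for key, entry in ((mapping or {}).get("includes") or {}).items():
            kind = (entry or {}).get("type")
            if kind not in ("user", "group"):
                problems.append(f"{role}/{key}: type must be user or group")
            elif not key.startswith(f"{kind}-"):
                problems.append(f"{role}/{key}: key should start with '{kind}-'")
    return problems

# Constructed inputs: the dictionaries a YAML loader would return.
QUESTION = {"swarm": {"management": {"access-control": {
    "provider": "rbac",
    "role-mapping": {"role": {"guest": {"include": {"user": "buddy"}}}}}}}}
ANSWER = {"swarm": {"management": {"authorization-access": {
    "provider": "rbac",
    "role-mappings": {"Operator": {"includes": {
        "user-albert": {"name": "albert", "type": "user"}}}}}}}}

if __name__ == "__main__":
    for name, value in flatten(QUESTION).items():
        print(name, "=", value)
    print("question:", lint_role_mappings(QUESTION))
    print("answer:  ", lint_role_mappings(ANSWER))
```

Running such a check before the build catches a role mapping that would otherwise be silently ignored, leaving the management interface with a different authorization setup than the one intended.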