02 Oct 2024 01:45 PM - last edited on 03 Oct 2024 07:35 AM by MaciejNeumann
The attached Zip file contains two scripts that are provided 'as is' to help Administrators planning on migrating their Dynatrace role-based permissions to attribute-based ones in order to leverage the IAM policies.
One script comes in the form of a Notebook export, which you can import and execute in your Dynatrace. The other is a PowerShell script which you can run from any machine with PowerShell installed and access to the Internet.
Both script serve the same purpose; they generate a list of RBAC permissions you have currently assigned to your groups. For each discoveredRBAC permission they also recommend potential replacement with permissions defined within policies.
Scripts connect to your Dynatrace using your provided OAuth token and generate current RBAC role assignments within your Dynatrace.
Pre-Reqs:
04 Nov 2024 07:51 AM
Some users have reported and error when using credentialVault to retrieve your OAuth clientId/Secret and enable lines 47-57 of the notebook script. In this case, line 49 of this script (import { credentialVaultClient } from "@dynatrace-sdk/client-classic-environment-v2";) needs to go outside the export, so in line one.
05 Dec 2024 08:24 PM
The Notebook script times out after 120 seconds, is there a way to increase the timeout?
{
"error": {
"code": 541,
"message": "Execution crashed.",
"details": {
"logs": "",
"type": "TIMEOUT",
"message": "Timeout limit (120s) exceeded"
}
}
}
06 Dec 2024 11:35 AM
This could be related to the default AppEngine 120 max execution timeout AppEngine Functions (Serverless Functions) which I do not think is configurable.
Maybe consider doing the same but with the provided PowerShell script if that is possible for you. The syntax from a terminal window is:
AssessRBACPermissions.ps1 <clientId> <clientSecret>