self._apiBase = '{}{}{}'.format(self._apiName,
self._apiVersion, self._apiResource)
- def create(self, name, definition):
+ def create(self, name, permissions):
"""
Creates a new OSM role.
:param name: name of the role.
- :param definition: definition of the role in YAML.
+ :param permissions: permissions of the role in YAML.
:raises ClientException: when receives an unexpected from the server.
:raises ClientException: when fails creating a role.
"""
+ self._client.get_token()
role = {"name": name}
- if definition:
- role_definition = yaml.load(definition)
+ if permissions:
+ role_permissions = yaml.safe_load(permissions)
- if not isinstance(role_definition, dict):
- raise ClientException('Role definition should be provided in a key-value fashion')
+ if not isinstance(role_permissions, dict):
+ raise ClientException('Role permissions should be provided in a key-value fashion')
- for key, value in role_definition.items():
+ for key, value in role_permissions.items():
if not isinstance(value, bool):
- raise ClientException('Value in a role definition should be boolean')
+ raise ClientException("Value of '{}' in a role permissions should be boolean".format(key))
- role[key] = value
+ role["permissions"] = role_permissions
http_code, resp = self._http.post_cmd(endpoint=self._apiBase,
postfields_dict=role)
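Review bot: The permission keys are never type-checked in `create`: the loop rejects only non-boolean values, while the `remove` path of `update` does insist that every key is a string. YAML allows integer or boolean mapping keys, and PyYAML's safe loader reads an unquoted `yes` or `on` key as `True`. Such a key would reach `post_cmd` and presumably be coerced during serialisation into a permission name the user never wrote. Adding `if not isinstance(key, str): raise ClientException("Permission names should be strings")` inside the loop would close this, and the `add` branch of `update` needs the same check.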
msg = resp
raise ClientException("Failed to create role {} - {}".format(name, msg))
- def update(self, name, definition=None, add=None, remove=None):
+ def update(self, name, new_name, permissions, add=None, remove=None):
"""
Updates an OSM role identified by name.
NOTE: definition and add/remove are mutually exclusive.
:param name: name of the role
- :param definition: if provided, overwrites the existing role specification.
+ :param set_name: if provided, change the name.
+ :param permissions: if provided, overwrites the existing role specification. NOT IMPLEMENTED
:param add: if provided, adds new rules to the definition.
:param remove: if provided, removes rules from the definition.
:raises ClientException: when receives an unexpected response from the server.
:raises ClientException: when fails updating a role.
"""
- if definition is None and add is None and remove is None:
+ self._client.get_token()
+ if new_name is None and permissions is None and add is None and remove is None:
raise ClientException('At least one option should be provided')
- elif definition and (add or remove):
- raise ClientException('Definition and add/remove are mutually exclusive')
+ elif permissions and (add or remove):
+ raise ClientException('permissions and add/remove are mutually exclusive')
role_obj = self.get(name)
- new_role_obj = {
- "_id": role_obj["_id"],
- "name": role_obj["name"]
- }
+ new_role_obj = {"permissions": {}}
+ if new_name:
+ new_role_obj["name"] = new_name
- if definition:
- role_definition = yaml.load(definition)
+ if permissions:
+ role_definition = yaml.safe_load(permissions)
if not isinstance(role_definition, dict):
- raise ClientException('Role definition should be provided in a key-value fashion')
+ raise ClientException('Role permissions should be provided in a key-value fashion')
for key, value in role_definition.items():
- if not isinstance(value, bool):
- raise ClientException('Value in a role definition should be boolean')
+ if not isinstance(value, bool) and value is not None:
+ raise ClientException('Value in a role permissions should be boolean or None to remove')
- new_role_obj[key] = value
+ new_role_obj["permissions"] = role_definition
else:
- ignore_fields = ["_id", "_admin", "name"]
- keys_from_dict = [key for key in role_obj.keys() if key not in ignore_fields]
-
if remove:
- keys_from_remove = yaml.load(remove)
+ keys_from_remove = yaml.safe_load(remove)
if not isinstance(keys_from_remove, list):
raise ClientException('Keys should be provided in a list fashion')
for key in keys_from_remove:
if not isinstance(key, str):
raise ClientException('Individual keys should be strings')
-
- keys_from_dict = [key for key in keys_from_dict if key not in keys_from_remove]
-
- for key in keys_from_dict:
- new_role_obj[key] = role_obj[key]
+ new_role_obj["permissions"][key] = None
if add:
- add_roles = yaml.load(definition)
+ add_roles = yaml.safe_load(add)
if not isinstance(add_roles, dict):
raise ClientException('Add should be provided in a key-value fashion')
for key, value in add_roles.items():
if not isinstance(value, bool):
- raise ClientException('Value in a role definition should be boolean')
+ raise ClientException("Value '{}' in a role permissions should be boolean".format(key))
- new_role_obj[key] = value
+ new_role_obj["permissions"][key] = value
+ if not new_role_obj["permissions"]:
+ del new_role_obj["permissions"]
http_code, resp = self._http.put_cmd(endpoint='{}/{}'.format(self._apiBase, role_obj['_id']),
postfields_dict=new_role_obj)
# print('HTTP CODE: {}'.format(http_code))
# print('RESP: {}'.format(resp))
- if http_code in (200, 201, 202, 204):
+ if http_code in (200, 201, 202):
if resp:
resp = json.loads(resp)
if not resp or 'id' not in resp:
raise ClientException('Unexpected response from server - {}'.format(
resp))
print(resp['id'])
+ elif http_code == 204:
+ print("Updated")
else:
msg = ""
if resp:
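Review bot: The docstring of `update` no longer matches its signature: it documents `:param set_name:` while the parameter is `new_name`, and the NOTE still says "definition and add/remove are mutually exclusive" although the argument is now `permissions`. The `permissions` entry is also marked NOT IMPLEMENTED, yet the branch below validates the YAML and sends it, accepting `None` values "to remove". That reads as a merge rather than an overwrite, and for an access-control object the caller needs to know whether permissions left out of the YAML stay granted. I would write `:param new_name: if provided, changes the role name.` and reword the `permissions` entry to state the true/false/null meaning and whether the server merges or replaces, which should be confirmed against the API. The body of `update` continues past the end of this hunk.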
:param force:
:raises ClientException: when fails to delete a role.
"""
+ self._client.get_token()
role = self.get(name)
querystring = ''
if force:
:param filter:
:returns:
"""
+ self._client.get_token()
filter_string = ''
if filter:
filter_string = '?{}'.format(filter)
:raises NotFound: when the role is not found.
:returns: the specified role.
"""
+ self._client.get_token()
if utils.validate_uuid4(name):
for role in self.list():
if name == role['_id']: