@cli.command(name='role-create', short_help='creates a role')
@click.argument('name')
-@click.option('--definition',
+@click.option('--permissions',
default=None,
- help='role definition using a dictionary')
+ help='role permissions using a dictionary')
@click.pass_context
-def role_create(ctx, name, definition):
+def role_create(ctx, name, permissions):
"""
Creates a new role.
"""
try:
check_client_version(ctx.obj, ctx.command.name)
- ctx.obj.role.create(name, definition)
+ ctx.obj.role.create(name, permissions)
except ClientException as inst:
print(inst.message)
exit(1)
@cli.command(name='role-update', short_help='updates a role')
@click.argument('name')
-@click.option('--definition',
+@click.option('--set-name',
default=None,
- help='add a new definition to the role')
+ help='change name of rle')
+# @click.option('--permissions',
+# default=None,
+# help='provide a yaml format dictionary with incremental changes. Values can be bool or None to delete')
@click.option('--add',
default=None,
- help='add a resource access grant/denial')
+ help='yaml format dictionary with permission: True/False to access grant/denial')
@click.option('--remove',
default=None,
- help='remove a resource access grant/denial')
+ help='yaml format list to remove a permission')
@click.pass_context
-def role_update(ctx, name, definition, add, remove):
+def role_update(ctx, name, set_name, add, remove):
"""
Updates a role.
"""
try:
check_client_version(ctx.obj, ctx.command.name)
- ctx.obj.role.update(name, definition, add, remove)
+ ctx.obj.role.update(name, set_name, None, add, remove)
except ClientException as inst:
print(inst.message)
exit(1)
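Review bot: The new `--set-name` help text reads `'change name of rle'`; it should be `help='change name of role'`. The commented-out `--permissions` option is left inside the decorator stack and `role_update` passes a bare positional `None` in its place, which is easy to misalign if the client signature changes; `ctx.obj.role.update(name, set_name, permissions=None, add=add, remove=remove)` states the intent. If the option is not about to be enabled, the three commented lines are better removed and tracked outside the code.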
self._apiBase = '{}{}{}'.format(self._apiName,
self._apiVersion, self._apiResource)
- def create(self, name, definition):
+ def create(self, name, permissions):
"""
Creates a new OSM role.
:param name: name of the role.
- :param definition: definition of the role in YAML.
+ :param permissions: permissions of the role in YAML.
:raises ClientException: when receives an unexpected from the server.
:raises ClientException: when fails creating a role.
"""
role = {"name": name}
- if definition:
- role_definition = yaml.load(definition)
+ if permissions:
+ role_permissions = yaml.load(permissions)
- if not isinstance(role_definition, dict):
- raise ClientException('Role definition should be provided in a key-value fashion')
+ if not isinstance(role_permissions, dict):
+ raise ClientException('Role permissions should be provided in a key-value fashion')
- for key, value in role_definition.items():
+ for key, value in role_permissions.items():
if not isinstance(value, bool):
- raise ClientException('Value in a role definition should be boolean')
+ raise ClientException("Value of '{}' in a role permissions should be boolean".format(key))
- role[key] = value
+ role["permissions"] = role_permissions
http_code, resp = self._http.post_cmd(endpoint=self._apiBase,
postfields_dict=role)
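Review bot: `yaml.load(permissions)` in `create` is called without a `Loader`, so on PyYAML releases before 5.1 it uses the loader that can construct arbitrary Python objects from tagged input, and on 6.0 and later the call fails because `Loader` is mandatory. Only plain mappings, lists, booleans and nulls are expected here, so `role_permissions = yaml.safe_load(permissions)` is sufficient; the same applies to the three `yaml.load` calls on the new side of `update` (for `permissions`, `remove` and `add`). The text comes from a command-line option, so exposure is limited to whoever builds that command line, but any wrapper that forwards text from another source inherits the problem. The response handling of `create` lies outside this hunk.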
msg = resp
raise ClientException("Failed to create role {} - {}".format(name, msg))
- def update(self, name, definition=None, add=None, remove=None):
+ def update(self, name, new_name, permissions, add=None, remove=None):
"""
Updates an OSM role identified by name.
NOTE: definition and add/remove are mutually exclusive.
:param name: name of the role
- :param definition: if provided, overwrites the existing role specification.
+ :param set_name: if provided, change the name.
+ :param permissions: if provided, overwrites the existing role specification. NOT IMPLEMENTED
:param add: if provided, adds new rules to the definition.
:param remove: if provided, removes rules from the definition.
:raises ClientException: when receives an unexpected response from the server.
:raises ClientException: when fails updating a role.
"""
- if definition is None and add is None and remove is None:
+ if new_name is None and permissions is None and add is None and remove is None:
raise ClientException('At least one option should be provided')
- elif definition and (add or remove):
- raise ClientException('Definition and add/remove are mutually exclusive')
+ elif permissions and (add or remove):
+ raise ClientException('permissions and add/remove are mutually exclusive')
role_obj = self.get(name)
- new_role_obj = {
- "_id": role_obj["_id"],
- "name": role_obj["name"]
- }
+ new_role_obj = {"permissions": {}}
+ if new_name:
+ new_role_obj["name"] = new_name
- if definition:
- role_definition = yaml.load(definition)
+ if permissions:
+ role_definition = yaml.load(permissions)
if not isinstance(role_definition, dict):
- raise ClientException('Role definition should be provided in a key-value fashion')
+ raise ClientException('Role permissions should be provided in a key-value fashion')
for key, value in role_definition.items():
- if not isinstance(value, bool):
- raise ClientException('Value in a role definition should be boolean')
+ if not isinstance(value, bool) and value is not None:
+ raise ClientException('Value in a role permissions should be boolean or None to remove')
- new_role_obj[key] = value
+ new_role_obj["permissions"] = role_definition
else:
- ignore_fields = ["_id", "_admin", "name"]
- keys_from_dict = [key for key in role_obj.keys() if key not in ignore_fields]
-
if remove:
keys_from_remove = yaml.load(remove)
for key in keys_from_remove:
if not isinstance(key, str):
raise ClientException('Individual keys should be strings')
-
- keys_from_dict = [key for key in keys_from_dict if key not in keys_from_remove]
-
- for key in keys_from_dict:
- new_role_obj[key] = role_obj[key]
+ new_role_obj["permissions"][key] = None
if add:
- add_roles = yaml.load(definition)
+ add_roles = yaml.load(add)
if not isinstance(add_roles, dict):
raise ClientException('Add should be provided in a key-value fashion')
for key, value in add_roles.items():
if not isinstance(value, bool):
- raise ClientException('Value in a role definition should be boolean')
+ raise ClientException("Value '{}' in a role permissions should be boolean".format(key))
- new_role_obj[key] = value
+ new_role_obj["permissions"][key] = value
+ if not new_role_obj["permissions"]:
+ del new_role_obj["permissions"]
http_code, resp = self._http.put_cmd(endpoint='{}/{}'.format(self._apiBase, role_obj['_id']),
postfields_dict=new_role_obj)
# print('HTTP CODE: {}'.format(http_code))
# print('RESP: {}'.format(resp))
- if http_code in (200, 201, 202, 204):
+ if http_code in (200, 201, 202):
if resp:
resp = json.loads(resp)
if not resp or 'id' not in resp:
raise ClientException('Unexpected response from server - {}'.format(
resp))
print(resp['id'])
+ elif http_code == 204:
+ print("Updated")
else:
msg = ""
if resp:
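Review bot: In the `remove` branch the result of `yaml.load(remove)` is iterated without checking that it is a list, so a scalar such as `--remove foo` is walked character by character, each character passes the `isinstance(key, str)` test, and `f` and `o` are sent as permission keys set to `None`; a mapping would be iterated by its keys in the same way. Adding `if not isinstance(keys_from_remove, list): raise ClientException('Remove should be provided as a list')` before the loop matches the type checks already done for `permissions` and `add`. A key given in both `--remove` and `--add` silently ends up with the `--add` value, which is worth rejecting or documenting because this payload changes what a role is authorised to do. The docstring documents `:param set_name:` while the parameter is `new_name`, and its NOTE still refers to `definition`. The body of `update` continues past the end of this hunk.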