From: tierno Date: Thu, 13 Jun 2019 22:38:05 +0000 (+0000) Subject: bug 767: uniform role format X-Git-Tag: v6.0.0^0 X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2Fosmclient.git;a=commitdiff_plain;h=b2829e950b5d11af468e7eb104c118dad9de1c4e bug 767: uniform role format Change-Id: I977c4ef37218596ada20df7be3ff94b711d2de08 Signed-off-by: tierno --- diff --git a/osmclient/scripts/osm.py b/osmclient/scripts/osm.py index c369ff5..83b4727 100755 --- a/osmclient/scripts/osm.py +++ b/osmclient/scripts/osm.py @@ -2849,11 +2849,11 @@ def vnf_scale(ctx, @cli.command(name='role-create', short_help='creates a role') @click.argument('name') -@click.option('--definition', +@click.option('--permissions', default=None, - help='role definition using a dictionary') + help='role permissions using a dictionary') @click.pass_context -def role_create(ctx, name, definition): +def role_create(ctx, name, permissions): """ Creates a new role. @@ -2863,7 +2863,7 @@ def role_create(ctx, name, definition): """ try: check_client_version(ctx.obj, ctx.command.name) - ctx.obj.role.create(name, definition) + ctx.obj.role.create(name, permissions) except ClientException as inst: print(inst.message) exit(1) @@ -2871,17 +2871,20 @@ def role_create(ctx, name, definition): @cli.command(name='role-update', short_help='updates a role') @click.argument('name') -@click.option('--definition', +@click.option('--set-name', default=None, - help='add a new definition to the role') + help='change name of rle') +# @click.option('--permissions', +# default=None, +# help='provide a yaml format dictionary with incremental changes. Values can be bool or None to delete') @click.option('--add', default=None, - help='add a resource access grant/denial') + help='yaml format dictionary with permission: True/False to access grant/denial') @click.option('--remove', default=None, - help='remove a resource access grant/denial') + help='yaml format list to remove a permission') @click.pass_context -def role_update(ctx, name, definition, add, remove): +def role_update(ctx, name, set_name, add, remove): """ Updates a role. @@ -2893,7 +2896,7 @@ def role_update(ctx, name, definition, add, remove): """ try: check_client_version(ctx.obj, ctx.command.name) - ctx.obj.role.update(name, definition, add, remove) + ctx.obj.role.update(name, set_name, None, add, remove) except ClientException as inst: print(inst.message) exit(1) diff --git a/osmclient/sol005/role.py b/osmclient/sol005/role.py index 3c8d36e..6e052ba 100644 --- a/osmclient/sol005/role.py +++ b/osmclient/sol005/role.py @@ -37,28 +37,28 @@ class Role(object): self._apiBase = '{}{}{}'.format(self._apiName, self._apiVersion, self._apiResource) - def create(self, name, definition): + def create(self, name, permissions): """ Creates a new OSM role. :param name: name of the role. - :param definition: definition of the role in YAML. + :param permissions: permissions of the role in YAML. :raises ClientException: when receives an unexpected from the server. :raises ClientException: when fails creating a role. """ role = {"name": name} - if definition: - role_definition = yaml.load(definition) + if permissions: + role_permissions = yaml.load(permissions) - if not isinstance(role_definition, dict): - raise ClientException('Role definition should be provided in a key-value fashion') + if not isinstance(role_permissions, dict): + raise ClientException('Role permissions should be provided in a key-value fashion') - for key, value in role_definition.items(): + for key, value in role_permissions.items(): if not isinstance(value, bool): - raise ClientException('Value in a role definition should be boolean') + raise ClientException("Value of '{}' in a role permissions should be boolean".format(key)) - role[key] = value + role["permissions"] = role_permissions http_code, resp = self._http.post_cmd(endpoint=self._apiBase, postfields_dict=role) @@ -80,45 +80,42 @@ class Role(object): msg = resp raise ClientException("Failed to create role {} - {}".format(name, msg)) - def update(self, name, definition=None, add=None, remove=None): + def update(self, name, new_name, permissions, add=None, remove=None): """ Updates an OSM role identified by name. NOTE: definition and add/remove are mutually exclusive. :param name: name of the role - :param definition: if provided, overwrites the existing role specification. + :param set_name: if provided, change the name. + :param permissions: if provided, overwrites the existing role specification. NOT IMPLEMENTED :param add: if provided, adds new rules to the definition. :param remove: if provided, removes rules from the definition. :raises ClientException: when receives an unexpected response from the server. :raises ClientException: when fails updating a role. """ - if definition is None and add is None and remove is None: + if new_name is None and permissions is None and add is None and remove is None: raise ClientException('At least one option should be provided') - elif definition and (add or remove): - raise ClientException('Definition and add/remove are mutually exclusive') + elif permissions and (add or remove): + raise ClientException('permissions and add/remove are mutually exclusive') role_obj = self.get(name) - new_role_obj = { - "_id": role_obj["_id"], - "name": role_obj["name"] - } + new_role_obj = {"permissions": {}} + if new_name: + new_role_obj["name"] = new_name - if definition: - role_definition = yaml.load(definition) + if permissions: + role_definition = yaml.load(permissions) if not isinstance(role_definition, dict): - raise ClientException('Role definition should be provided in a key-value fashion') + raise ClientException('Role permissions should be provided in a key-value fashion') for key, value in role_definition.items(): - if not isinstance(value, bool): - raise ClientException('Value in a role definition should be boolean') + if not isinstance(value, bool) and value is not None: + raise ClientException('Value in a role permissions should be boolean or None to remove') - new_role_obj[key] = value + new_role_obj["permissions"] = role_definition else: - ignore_fields = ["_id", "_admin", "name"] - keys_from_dict = [key for key in role_obj.keys() if key not in ignore_fields] - if remove: keys_from_remove = yaml.load(remove) @@ -128,35 +125,35 @@ class Role(object): for key in keys_from_remove: if not isinstance(key, str): raise ClientException('Individual keys should be strings') - - keys_from_dict = [key for key in keys_from_dict if key not in keys_from_remove] - - for key in keys_from_dict: - new_role_obj[key] = role_obj[key] + new_role_obj["permissions"][key] = None if add: - add_roles = yaml.load(definition) + add_roles = yaml.load(add) if not isinstance(add_roles, dict): raise ClientException('Add should be provided in a key-value fashion') for key, value in add_roles.items(): if not isinstance(value, bool): - raise ClientException('Value in a role definition should be boolean') + raise ClientException("Value '{}' in a role permissions should be boolean".format(key)) - new_role_obj[key] = value + new_role_obj["permissions"][key] = value + if not new_role_obj["permissions"]: + del new_role_obj["permissions"] http_code, resp = self._http.put_cmd(endpoint='{}/{}'.format(self._apiBase, role_obj['_id']), postfields_dict=new_role_obj) # print('HTTP CODE: {}'.format(http_code)) # print('RESP: {}'.format(resp)) - if http_code in (200, 201, 202, 204): + if http_code in (200, 201, 202): if resp: resp = json.loads(resp) if not resp or 'id' not in resp: raise ClientException('Unexpected response from server - {}'.format( resp)) print(resp['id']) + elif http_code == 204: + print("Updated") else: msg = "" if resp: